As the Sarbanes-Oxley Act of 2002 passed its fourth anniversary in July, the need for security, risk management and compliance specialists has put executive-level information security officers in even greater demand.
Some schools have responded by going so far as to develop core curriculum to develop these executives; the University of Fairfax, an online graduate university, is one.
“People are having a hard time finding qualified IT compliance officers. Weve built a graduate program to address that need. Its a boutique university in that it only focuses on information security and information assurance. We offer masters degrees and Ph.D.s,” Dr. Victor Berlin, president of the University of Fairfax, told eWEEK.
Berlin said he sees these higher education opportunities as a response to the wide range of knowledge information security officer must have.
“Its not enough for them to know what a firewall is. They need to be multi-disciplinary. SarbOx is changing on a weekly basis, and people are needed to constantly monitor these changes.
Above and beyond monitoring, however, executive compliance officers need to be able to understand what to do with their data.
“Someone needs to translate to the companies what these regulations. What does it mean for us? What do we have to change? Data analysis is central to the job,” said Berlin.
Berlin and others underscore the need for a multidisciplinary IT professional.
“This field is great for people with good analytical skills as well as program management skills. I wouldnt recommend anyone who had just been a programmer, and had no underpinning in security. Ninety percent of the compliance issues involve security and the security lifecycle,” said Chrisan Herrod, former CSO of the SEC, professor at University of Fairfax, as well as vice president of compliance solutions at Scalable Software.
Others emphasize the need for good management skills in an executive security office role.
“People have got to have a good management background and ability to deal with people. Someone right out of school, even with the relevant knowledge, wouldnt be a good fit,” said Colleen Murphy, professor at the University of Fairfax, and the director of compliance solutions delivery at Scalable Software.
Herrod also noted the important of writing skills, as security officers turn out a lot of reports, as well as comfort doing research.
“Theres been a lot of heartache in the last few years because SarbOx especially is very vague in its regulations. Youve got to be able to figure out whats necessary, and what is not,” said Herrod.
The good news is, there are no shortage of job opportunities for IT people wishing to specialize in compliance.
Gartner Research reported in December 2005 that compliance laws have driven up IT budgets significantly, expecting a 10 to 15 percent increase in IT budgets to meet with regulatory measurements in 2006, up from 5 percent in 2004.
Dice.com reported that as of June 30, there were 1,027 job postings requesting SarbOx experience.
“Regulatory compliance is growing, not shrinking. Even better, these are jobs that cant be offshored,” said Berlin.