Cyber security shortage: what employers are really looking for

The focus on cyber security and other information governance has created a surge in demand for IT professionals who can apply their skills in a new way.

Recruitment agencies see high demand for IT professionals with audit capabilities

Recruitment agencies have seen a high demand for these professionals for both contract and permanent roles. Although candidates generally have strong technical and professional skills, they do not always have the ‘audit nose’ or an awareness of how to report their findings in a way that makes less technical managers aware of the threats and vulnerabilities they are describing. They often do not present themselves effectively to prospective employers, and so lose opportunities that they could have filled.

Recruitment consultants may also lack sufficient understanding of information risk to fully grasp the client’s requirements for the role. This leads to wasted effort in sending forward unsuitable candidates.

Fundamentals of Information Risk Management Auditing

As senior operations manager at KPMG Information Risk Management, Chris Wright was responsible for recruiting, training and on-boarding experienced recruits. Drawing on that experience, he has recently published Fundamentals of Information Risk Management Auditing as a low-cost introductory guide for those entering the profession.

It is easy to read and provides a wide background on subjects that may arise at interview (e.g. standards such as COBIT, ISO and COSO, approach, context of risk), with clear examples throughout. It covers:

  • What is risk and why is it important?
  • Risks and controls
  • Enterprise risk management (ERM) frameworks
  • Risk management assurance and audit
  • Information risks and frameworks
  • Overview of general IT and management risks
  • Security and data privacy
  • System development and change control
  • Service management and disaster planning
  • Overview of application controls (integrity)
  • Planning, running and reviewing information risk management assignments
  • Personal development and qualifications

Fundamentals of Information Risk Management Auditing is available to purchase from IT Governance for just £12.95.


Employers will also be looking out for candidates with the ISO 27005 Certified ISMS Risk Management (CIS RM) qualification. It demonstrates that you have practical risk management methodologies to mitigate cyber security risks, and ensures compliance with the internationally recognised cyber security standard, ISO 27001. Attend the IBITGQ-accredited ISO 27005 training course to achieve your certification.
