I just published "Jobs in Information Security (InfoSec)" on #Medium. If you want to know about all the different types of jobs in InfoSec, give it read. Also, let me know which jobs I missed! link.medium.com/vMvUctqBK2

Depends on the org and how big it is, but there is also business continuity planning, disaster recovery, identity and access management, vendor management, technical compliance, program management, internal/external communications, inbound due diligence, cryptography management.

Doesn't most of that fall under traditional operations? While things like BC/DR and IAM make sense to pull into the InfoSec umbrella, often these are implemented before a security team is even established and don't migrate away from ops (that I've seen).