Feeling lost. Need some confirmation.

I'll try to make this brief. Been doing information security for 5 years now. I have CISSP and CISM. I have had analyst/technical roles for the last 15 years roughly.

My current duties include data protection/info lifecycle, auditing our IT environment and policies, IRP/BCP coordination, policy development, security awareness, user training. I also review logs and I work with a 3rd party on vulnerability scanning and penetration testing (mainly just the rules of engagement and reviewing the reports. I don't …

analyst auditing awareness bcp cism cissp current cybersecurity data data protection development doing environment info information information security irp lifecycle logs lost policies policy policy development protection review roles security security awareness technical training