An average IT department, they are also security guards, doing regular administrative work.
Setting up and controlling access policies, both in the IT infrastructure and the physical one inside the premises.

Requirements for an information security specialist are different for different organizations.
An information security specialist should be well versed in the operation of operating systems, networks, and their protection tools. Must know possible attack vectors and provide countermeasures to them, know how to quickly protect systems in case of attacks. To do this, it must also register them in a timely manner, organize monitoring and early warning of such facts. Detect, eliminate, document and stop the facts of intrusion, hacking and compromise of systems.
I think this is basic. In the banking sector, something else can be added here, for example, knowledge and adherence to PCI DSS, passing and conducting regular scans, audits of internal and external circuits, patching discovered holes and vulnerabilities.
An IS employee is a "system administrator++", i.e. a person with a fairly deep knowledge of what is under the hood of the OS and how networks work.

Depends on the organization and its requirements, the most popular options are

• Properly complete all IS documentation and carry out all required regulatory procedures.
  
• Organize information protection
  

The most ordinary work, not harder and not easier. If you like this business, then everything will be OK!
If you dig into the essence - then the work consists of:
- ensuring Integrity, Availability and Confidentiality
- or designing the means of Integrity, Availability and Confidentiality.
- or an audit of the means of ensuring Integrity, Availability and Confidentiality
:) understand?
What knowledge is needed:
1. Information security and risk management - Managers
2. Information asset security - this is about the life cycle of data, information and types of access control.
3. Design and development of information security systems - Engineers
4. Communications and network security - System Admins
5. Access and Identity Management - Sys Admins
6. Security Evaluation and Testing Methods - Audit, Sys Admins
7. Security Operations - Sys Admins
8. Development of Trusted/Secure Software from an Information Security Perspective -
Engineers -
www.rohos.ru/2018/10/risk-management-in-cissp-cert...

what is the work after all, how difficult is it - the work is not so difficult as responsible. The degree of responsibility is directly proportional to the status of the conntor where you protect security. In some institutions, any leaks of information in the system under your control, whether it is your direct fault or not, can easily be equated to a criminal offense. Therefore, think 10 times whether you need it or you want a quiet, calm old age)