Role of the CISO
Who is the CISO?
The Chief Information Security Officer, CISO, is a senior-level executive responsible for developing and implementing an information security program. They and their team work to protect the business, its assets and IP, and the business’ reputation. This includes strategies designed to protect communications, systems and assets from both internal and external threats.
HotTopics Cheat Sheet: CISO
- The CISO is responsible for the IT security of a business, protecting assets, data, IP and reputation—and/or employees and supply chains.
- The CISO works closely with all function heads to ensure a consistent security approach across the business.
- The CISO has increased in importance as security threat levels have surged in the 21st century.
What is the CISO’s remit?
Depending on the organisation, the CISO may work alongside a number of different C-Suite members of the technology function. The most likely is the Chief Information Officer, CIO. Together with the CIO, who is responsible for technology investment and overall digital strategy, the CISO invests in cybersecurity products, services and partners to manage disaster recovery and business continuity plans.
CISO roles and responsibilities
It is an increasingly critical role for the industry. Attacks and breaches have become more common as the data businesses hold has increased in both quality and quantity, increasing its value by several orders of magnitude. Over the course of the COVID-19 pandemic, for example, as many organisations globally shifted to remote working to align with government regulations, the CISO and their team were placed front and centre to protect team members across the edges of their networks.
Sometimes a CISO is also responsible for the overall corporate security of the company, which includes its employees and facilities. These executives are usually known as Chief Security Officers, CSOs.
The CISO role is a complex combination of proactive and reactive work. The latter includes responding to data breaches and other security incidents on a daily basis, but in many ways the former is the more important responsibility.
In these cases the CISO is also tasked with anticipating, assessing and actively managing new and emerging threats. The CISO must work with other executives across different departments, from the Chief Marketing Officer, CMO, to the Chief Financial Officer, CFO. Together they align security initiatives with broader business objectives. They also work to mitigate the risks security threats pose to the organisation’s mission and goals.
To achieve these, a CISO has several duties to perform.
These include conducting employee security awareness training, developing secure business and communication practices, identifying security objectives and metrics, choosing and purchasing security products from vendors, ensuring that the company complies with the rules of relevant regulatory bodies, and enforcing adherence to security practices.
Other duties and responsibilities CISOs perform include ensuring the company’s data privacy is secure—perhaps working closely with another executive, the Chief Data Officer—or managing the Computer Security Incident Response Team. Together they conduct electronic discovery and digital forensic investigations.
The importance of the CISO and their increasing influence on businesses today tells us much about the trajectory of the global industry. Businesses have a duty not just to their shareholders and bottom line, but to the safeguarding of their employees, customers and supply chain. Collaborative work between CISOs, often in pre-competitive states, is becoming more common as industries recognise that a common foe, bad agents, requires common ground.