Chief Information Security Officer (CISO)

Expect a job with a certain amount of power and creative freedom. But also remember that this power will depend a lot on the organization – some CISOs have little to none.

As the head of IT security, you could be required to:

  • Appoint and guide a team of IT security experts
  • Create a strategic plan for the deployment of information security technologies and program enhancements
  • Supervise development of (and ensure compliance with) corporate security policies, standards and procedures
  • Integrate IT systems development with security policies and information protection strategies
  • Collaborate with key stakeholders to establish an IT security risk management program
  • Audit existing systems and provide comprehensive risk assessments
  • Anticipate new security threats and stay up to date with evolving infrastructures
  • Monitor security vulnerabilities, threats and events in network and host systems
  • Develop strategies to handle security incidents and coordinate investigative activities
  • Act as a focal point for IT security investigations and direct a full investigation with recommended courses of action
  • Prioritize and allocate security resources correctly and efficiently
  • Prepare financial forecasts for security operations and proper maintenance cover for security assets
  • Provide leadership, training opportunities and guidance to personnel
  • Work with senior management to ensure IT security protection policies are being implemented, reviewed, maintained and governed effectively
  • Spearhead education programs focused on user awareness and security compliance

In addition to these efforts, you may be involved in a large variety of non-technical managerial tasks. At the end of the day, the CISO reports on security to the CIO or the CEO.