The technical definition of a CISO is the Chief Information Security Officer but what does that mean?  What does this person do and what does it take to be a good CISO?

 

As with almost everything, if you ask 5 people to define something you will end up with 8 different opinions but this is what we believe the role of a CISO requires and the core duties they perform.

​

Behavioral Capabilities

• A proactive and self-motivated leader

• A creator and driver of the Information Security Vision and Strategy

• A relationship builder

• A coach and mentor

• An excellent communicator to all levels and skillsets from executive to engineer to operations

• Passionate with a hunger for research

• Flexible, open-minded, creative, and energetic

• Credible and trustworthy

• An excellent negotiator

• Confident and able to accept criticism

​

Functional Capabilities

• Directs and approves the design of security systems

• Reviews and approves security policies, controls, and cyber incident response planning

• Approves user identity and access policies and management

• Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities

• Maintains a current understanding of the IT threat landscape for the industry

• Ensures compliance with the changing laws and applicable regulations

• Translates that knowledge to the identification of risks and actionable plans to protect the business

• Schedules periodic security audits

• Communicates cybersecurity policies and procedures to all personnel and ensure adherence

• Manages all teams, employees, contractors, and vendors involved in IT security, which may include hiring

• Continuously updates the cybersecurity strategy to leverage new technology and threat information

• Briefs the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget

• Communicates best practices and risks to all parts of the business, outside IT