The role of a chief information security officer (CISO) has gained prominence in the past few years. In most organizations, the CISO reports to a CTO or CIO. The CISO’s job has become cross-functional, dealing with different departments within the organization. The role of a CISO has expanded in some organizations, and many CISOs are beginning to report directly to the CEO. In some instances, the CISO provides quarterly updates to the board about the security robustness of the organization.
How To Be Successful
As security now transcends different levels within the organization, it makes sense to build relationships within the organization. Coffee time, lunch breaks or virtual video one-on-ones should be leveraged to forge understanding between different groups within the organization. The new pandemic has probably changed the methods of interaction, but the end result remains the same.
CISOs need to be viewed as enablers by other leaders in the organization. Security should be seen in the realm of client experience. Large organizations have project managers that run multiple digital transformation initiatives. CISOs should interject and build a working relationship with technical project managers in the organization. Project managers should be trained to ask security questions at different gateways in the project process.
CISOs should not only have good personal relationships with members of the IT department but also build relationships with the heads of sales, marketing, operations, legal, billing and every other department. The true message, that security is an enabler, needs to be communicated to each of the leaders. This education or training has now become even more important, so a good working relationship between the CISO and each of the leaders becomes pivotal for the security health of the organization.