By DeVry University
February 27, 2023
5 min read
Decisions related to information technology (IT) infrastructure such as firewall technology, network security and database integrity, all critical to an organization’s cyber security and network reliability, fall under the domain of the chief information security officer, or CISO. Regardless of the various roles you’ll hold throughout your career as a cyber security professional, it’s likely that you’ll be working with a CISO at some point along your journey.
In this article we will get to know the CISO position a bit more and examine how you can support their vision while working alongside them.
What Is a Chief Information Security Officer?
Cisco defines the chief information security officer role as a senior-level executive who oversees the information, cyber and technology security at an organization. Many midsize companies or larger enterprises have a CISO alongside other C-suite executives like the chief executive officer (CEO), chief financial officer (CFO) and chief information officer (CIO).
Smaller businesses are not likely to hire someone specifically for chief information security officer jobs, but may have a staff member, such as a director of cyber security, who handles the CISO responsibilities. Smaller businesses and startup organizations will sometimes outsource the CISO role as a cost-efficiency measure.
CISO Roles and Responsibilities
The CISO role generally involves developing and driving a cyber security strategy and framework that is intended to secure an organization’s technology assets, such as applications and systems, while enabling and advancing business outcomes. You might ask then, what the difference is between a CISO and a CIO? The CIO is another position that is highly regarded by many in the corporate world. CIO’s set the vision for the company’s overall IT strategy and oversees major IT initiatives. The CISO, on the other hand, maintains a singular focus on security and leads the company’s information security program.
In a traditional corporate structure, the CISO position reports to the CIO. However, more Fortune 500 companies have made the CISO co-equal with the CIO in recent years.
Cisco outlines the responsibilities of the chief information security officer in the following way:
- Continuously evaluating and managing the company’s cyber and technology risks.
- Developing, justifying and evaluating investments in cyber security technology.
- Leading the company in building resilience by bolstering cyber security operations and implementing disaster recovery protocols and continuity plans.
- Developing and implementing processes and systems to prevent, detect, mitigate and recover from cyberattacks.
- Reporting to the organization’s most senior-level leaders, such as the CEO or board of directors.
The Changing Nature of the CISO
Industry leaders are talking about how the CISOs responsibilities are shifting in 2023. According to Daniel Kwong and Alain Sanchez, CISOs of the cyber security company Fortinet, the CISO’s role is no longer limited to protecting their organization from cyberattacks.
The CISO, once regarded simply as the IT department’s security manager, is now a key business enabler, risk controller and change agent tasked with delivering business value. In a recent article, they described several ways in which the CISOs responsibilities are changing in response to the new realities and demands of an evolving cyber security environment. Among them:
In recent years the CISO role has shifted dramatically with the rise of cyberattacks. CISOs are now expected to be more proactive in identifying and preventing potential cyber threats and must always be on the lookout for ways to adapt their strategies to stay ahead of the curve.
The CISO role has shifted from being largely operations focused to a strategic one, with the CISO becoming more involved in the decision-making process. It’s also evolving into a role that needs to provide a source of inspiration for innovation, rallying all team members together to work toward secure operations development.
CISOs, in addition to developing and implementing security policies, need to come to the table with a deep understanding of business operations, objectives and security strategies that are both effective and align with the overall business goals of the organization.
How Would You Work with a CISO?
If you work as a data security administrator, information security specialist, computer security specialist or other position in information systems security, it’s likely that you or others in your department would report to the CISO. The level of interaction you have with the CISO can vary depending upon the size of your organization and its data operations, but your duties would likely consist of a number of tasks to keep sensitive data out of the hands of cybercriminals while enhancing security protections, including:
- Monitoring and testing systems, servers and networks for vulnerabilities or indications of any security breaches, then reporting your findings to senior-level executives such as the CISO.
- Developing plans and procedures for safeguarding and protecting data, or for recovering data in case of an attack.
- Responding to data breaches or malware attacks.
- Training other employees in your organization in cyber security and data safety.
Want to Make Your Mark in the IT Industry?
Prepare to work with leaders, including CISOs, with our Master’s in Information Technology Management with an Emphasis in Information Security. Designed for those who want to gain skills in management while advancing their knowledge of information systems and network technologies, this master’s degree can help you prepare to manage the safeguarding of sensitive information through controlled information access and implement defensive measures like firewalls and anti-malware software to protect data.
Study 100% online or take classes at one of our campus locations in a hybrid format. Classes start every 8 weeks.