CISO job description: What does a CISO do?

The past couple of years have been particularly challenging for IT professionals and organisations alike, and that doesn’t mean 2022 will be any easier. As workers slowly return to the office, and as those who desire a career in cybersecurity begin to populate the workforce, they are likely to keep working remotely on a more flexible basis for some part of the week than they did before the pandemic. This creates extra security challenges that IT teams need to consider.

Many organisations are looking at reviewing their cyber security strategy as well as their response and monitoring capabilities, especially as there have been some high-profile cyber attacks recently, such as the SolarWinds hack. Businesses are choosing to do this to avoid making the same mistakes and losing their customers’ loyalty and trust, which is always detrimental but particularly so in the midst of a financial crisis.

The state of the world has changed drastically since the pandemic began, and this is especially true of the state of security. Cyber security experts have been very busy during the last year or so: from the SolarWinds to the Zoom attacks, it is more necessary than ever before for organisations to possess competent security and leadership skills. In these uncertain times, it is extremely important for companies to have an individual who can be trusted with maintaining the safety and security of the enterprise and its data.

What is a CISO?

In order for that responsibility to be taken seriously, a strategy is required, along with someone to lead that vision from theory into reality. Enter the chief information security officer (CISO). First born as a role that was exclusively the preserve of US companies, the job title has now made its way to British shores, too.

The CISO, who may also be referred to as a chief security architect or information security manager, holds an executive role that oversees the protection of company and customer data, as well as the protection of infrastructure and assets from malicious actors.

In an age of rampant data theft and aggressive but important legislation, such as GDPR, every IT facility in an organisation must be secure. That requires not only the implementation of security safeguards but also the training and education of employees. With the majority of cyber security incidents being the result of employee error, it’s important that a CISO looks both internally and externally for potential threats.

Research suggests that a CISO can play a large part in improving security posture. The latest Cyber Risk Insights Index report by cyber insurtech Corvus Insurance revealed that almost three-quarters (72%) of surveyed companies which indicated that they needed help in improving their security were also found to lack a CISO position.

What responsibilities does a CISO have?

CISOs have a wide range of responsibilities that extend far beyond dealing with firewalls and antivirus software. They are responsible for hiring IT personnel, for providing the policy direction necessary to protect the company from emerging threats, and for directly managing senior IT team leaders to ensure they are prioritising the right aspects of a strategy at any given time.

A CISO must also spearhead the company’s IT security hardware strategy and make sure necessary activities are undertaken by the appropriate department, whether this is IT staff or other IT security personnel.

Innovation also plays a key role in any organisation’s security posture. As such, the CISO will also be tasked with keeping corporate security policies, standards and procedures fresh and fit for purpose, and making sure staff across the board comply on a day-to-day basis without fail.