Chief information security officer
The information technology (IT) industry has revolutionized the way organizations use and depend on IT. In recent years the rapid expansion of the Internet and its impact on how companies conduct business, have brought new benefits including an acceleration of communications, but also created a new set security and privacy issues. Today, companies are confronted with internal and external sources of security and privacy risks. Issues such as the protection of consumer data, privacy concerns, and regulatory compliance have created complex problems for organizations to address. The advent of this focus on information security has created a new need within the IT industry. IT professionals with a strong understanding of business, technology, and security are very much in demand in the job marketplace. One of the more interesting roles at the pinnacle of the profession is the role of Chief Information Security Officer, commonly referred to as CISO.
Although there are several common industry definitions of the role and responsibilities of a CISO, this job title should not normally be confused with the title of Chief Security Officer (CSO). In most organizations issues such as physical security, business continuity planning, and general risk management are the responsibility of a CSO. CISO is typically a top level management executive in an organization charged with providing to the executive leadership, guidance in the subject of IT security and IT risk management. It is common for a CISO in this role to report to the Chief Information Officer (CIO), who is in charge of the information technology organization, or to a Chief Technology Officer (CTO), who provides the organization with leadership in the area of technology.
Someone contemplating the role of CISO, would usually have several years of experience and solid understanding of business continuity planning, auditing, and risk management, as well as contract and vendor negotiation in the IT field. It is important that a CISO have strong working knowledge of industry and government regulations, laws, and the law enforcement community. He/she might have a certification from the International Information Systems Security Certification Consortium (ISC2), the organization that administers the Certified Information Systems Security Professional (CISSP) certification, which is one of the premier certifications for information security professionals. Another valuable professional certification is the Certified Information Systems Auditor (CISA). The CISA is the Information Systems Audit and Control Association's (ISACA) cornerstone certification.