Chief Information Security Officer: Often Needed but Not Always in Place

I was reading the sample job description for Chief Information Security Officer and realized that not many of my organization’s clients have such a role defined. Clients do have a security team, but the manager of this team is typically a director or vice president of technology.

Typically, these teams are focused on application or infrastructure level security as opposed to incorporating security in the strategy of the organization. These teams appear to be frustrated with the decisions management makes because they are given an application or technology and then told to make sure security policies are implemented. This poses many challenges if the security team doesn’t know the capabilities of the technology as well as the purpose of implementing it.

As a consultant in a smaller IT consulting firm, we typically don’t have conversations around future state architecture or organizational changes. If we were to be in those conversations, a chief information security officer or at least someone in a strategic position with a security focus would be highly recommended. Ideally, my organization could offer a service in place of that position to create a new line of business.
