Inside the changing role of the CISO

Sharon Florentine | July 1, 2014
Matt Comyns, global co-head of the cybersecurity practice at Russell Reynolds Associates, talks with CIO.com about the challenges, opportunities and changing role of today's Chief Information Security Officer.

CISOs are distinguished by their ability to define a vision, secure support for that vision with the board and the C-suite, marshal the resources and talent required to translate that vision into reality, and engage the broader employee population to become champions for information security.

CIO: How do companies compete for, attract and retain top CISO talent?
MC: Exceptional talent in the CISO space is scarce. To attract the best candidates, companies must consider these tactics:

  1. Sell the vision for the role - CISOs will gravitate towards unique opportunities that stretch their capabilities and demonstrate impact against meaningful objectives. A clear vision that articulates this opportunity is essential.
  2. Ensure direct engagement of the CEO in the recruitment process - A strong message of strategic commitment must come directly from the CEO, who should play a vital role in the final assessment and recruitment of the finalist candidate.
  3. Prepare to pay for top talent - Scarcity is leading to rising pay for CISOs, with an annual cash compensation range of $400,000 to $600,000. Leading executives at top firms now often command annual compensation packages of more than $1 million.

CIO: How are CISOs positioned for success? Are there specific support resources and environments that are better-suited to helping CISOs and their teams be successful?
MC: To be effective, cybersecurity must exist as a broad organizational priority that engages all employees. The following factors are critical for success:

  • Reporting Attitude - At minimum, the CISO must be a prominent member of the chief information officer's, chief risk officer's or general counsel's leadership team.
  • Board and C-Suite Exposure - CISOs must maintain a consistent presence with the board and executive committee. Lacking this presence, CISOs will lack the influence and connectivity needed to ensure a forward-looking approach.
  • Distributed Deployment - Cybersecurity readiness does not result from an isolated group, but rather a continued presence in the business units served by the CISO. Additionally, business unit-specific cybersecurity teams must maintain strong ties to company leadership for the entire operation to be effective.

 
