Chief Information Security Officers are senior-level executives, responsible for protecting invaluable company information, data, and technology – all while staying true to the organization’s overall mission and goals.
Hiring CISOs is on the rise – and the reason is clear. With 2020’s massive employee exodus from corporate offices to kitchen tables and basement desks, company security infrastructures are more vulnerable than they’ve ever been. When COVID-19 began spreading in America, 18 million COVID-19 related phishing emails and 240 million spam emails were being sent per day. So, it’s no exaggeration to say that protecting corporate data has become harder than ever.
Companies structure their IT departments differently. So, if you haven’t started thinking about hiring a CISO, you probably aren’t alone. If you’re ready now, let’s dive in!
What exactly does a Chief Information Security Officer do?
Broadly speaking, CISOs are responsible for implementing and maintaining the protection of a company’s systems, communications and assets from cyberthreats. CISOs carry a broad range of responsibilities, including but not limited to:
- Protecting data from loss or fraud
- Evading cyber attacks and threats
- Managing security hardware and software
- Keeping ahead of security needs
- Leading security investigations
CISOs are also responsible for establishing and implementing high-level policies and procedures, as well as appropriate standards and controls. Last, but certainly not least – CISOs often manage and dole out responsibilities to a team of employees, who are collectively responsible for maintaining company security.
What skills should you seek in a CISO?
The CISO role requires a deft balance of skills, and therefore a talented individual. Here are some of the most important qualities your CISO should possess:
Seek a candidate with a higher degree in the information technology field, and a deep knowledge and professional education in finance or accounting. Some companies also require a CISA certification, passing the CFE fraud examination test, and/or earning an OSCP (offensive security) certificate.
Anywhere from 7 to 12 years of work experience is desirable – including at least five in a managerial role. Experience within your industry is ideal (for obvious reasons), and at least 2 years of risk assessment and management background is also important. When interviewing, ask your candidate to discuss a situation in which he or she had to use problem-solving skills, offering specific examples.
Exceptional communication skills are a must, with everyone from the company’s C-suite and the IT team to outside vendors and prospective clients.
What should the process of searching for and hiring a CISO look like?
It all starts with the job description. This means clearly stating the requirements, skills and qualifications needed to be a great CISO. But it also means selling the opportunity. The goal isn’t just to find a qualified candidate. It’s to find candidates who are both qualified, and excited about your organization.
Second, it’s about getting the word out – effectively! Don’t ignore general sites and job boards that target IT professionals (especially since there are shortages in qualified IT professionals across many industries).
Finally, don’t forgo considering a recruiting firm that specializes in staffing information security professionals. Proven track records and trusted networks are key when it comes to facilitating successful candidate searches.
Conclusion: How to Hire a Chief Information Security Officer
The CISO position is a high-responsibility, high-impact role. New CISOs are usually expected to hit the ground running, producing an assessment of the current security state along with future goal setting within the first 90 days of employment. Your CISO will need to have excellent communication skills – including the ability to articulate technical issues in business terms. Ideally, he or she should have experience as first or second in command at an organization in, or adjacent to, your field.