A Chief Information Security Officer is the five-star general of an IT security department and its staff.
A CISO is the executive-level manager who directs strategy, operations and the budget for protecting the enterprise's information assets and manages that program. The scope of responsibility encompasses communications, applications and infrastructure, including the policies and procedures that apply to them.
Responsibilities of a CISO:
As the head of IT security, a CISO may be required to:
- Appoint and guide a team of IT security experts.
- Create a strategic plan for the deployment of information security technologies and program enhancements.
- Supervise development of (and ensure compliance with) corporate security policies, standards and procedures.
- Integrate IT systems development with security policies and information protection strategies.
- Collaborate with key stakeholders to establish an IT security risk management program.
- Audit existing systems and provide comprehensive risk assessments.
- Anticipate new security threats and stay up to date with evolving infrastructures.
- Monitor security vulnerabilities, threats and events in network and host systems.
- Develop strategies to handle security incidents and coordinate investigative activities.
- Act as a focal point for IT security investigations and direct a full investigation with recommended courses of action.
- Prioritize and allocate security resources correctly and efficiently.
- Prepare financial forecasts for security operations and proper maintenance coverage for security assets.
- Provide leadership, training opportunities and guidance to personnel.
- Work with senior management to ensure IT security protection policies are being implemented, reviewed, maintained and governed effectively.
- Spearhead education programs focused on user awareness and security compliance.
In addition to these efforts, a CISO may be involved in a wide variety of non-technical managerial tasks. At the end of the day, the CISO reports on security to the CIO or the CEO.
CISO Career Paths:
Most CISOs start out in hands-on IT roles such as:
- Security Administrator
- Network Administrator
- System Administrator
You can then build your technical and interpersonal skills in jobs such as:
- Security Specialist
- Security Analyst
- Security Engineer
- Security Consultant
- Security Auditor
Eventually, you will need to progress to a senior-level position where you can gain experience with leadership, project management and organizational politics, such as:
- Security Manager
- IT Project Manager
- Security Architect
- Security Director
Salary of a CISO:
Payscale has two categories for Information Security Officers:
The median salary for a CISO is $131,322 (2014 figures). Overall, you can expect to take home a total pay of $74,082 – $239,307.
The median salary for a CSO is $139,763 (2014 figures). Overall, you can expect to take home a total pay of $58,734 – $223,558.
Total pay figures include your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
At bare minimum, you will need a bachelor’s degree in Computer Science, Cyber Security or a related technical field.
As security issues become more dangerous and complex, some employers are starting to specify that CISOs must also have a technical master’s degree with a concentration in IT security. Continued training and professional certifications won’t go amiss.
Expect to spend 7-12 years working in IT and security before you begin filling out applications for a CISO position. Try to ensure that at least 5 years of that experience is spent managing security operations and teams.
Certifications for CISOs:
IT security certifications are required at this level of management. CISSP and CISM are two of the most widely recognized, but there are plenty of others to consider:
- CISA: Certified Information Systems Auditor
- CISM: Certified Information Security Manager
- GSLC: GIAC Security Leadership
- CCISO: Certified Chief Information Security Officer
- CGEIT: Certified in the Governance of Enterprise IT
- CISSP: Certified Information Systems Security Professional
- CISSP-ISSMP: Information Systems Security Management Professional