The Chief Information Security Officer (CISO), sometimes titled Information Security Director or Chief Infosec Officer, is a C-level management role. The CISO is responsible for overseeing the overall IT, information and data security of an entire organisation.
The role covers strategic oversight of everything to do with IT security in an organisation. This includes strategic vision, scoping of requirements, design, development, implementation, incident response, budgets and adherence to all necessary protocols, regulations and legal requirements.
As Chief Infosec Officer you will likely have many years of relevant experience in a variety of IT security roles. That in-depth knowledge is what enables you to manage every aspect of IT, data and information security at your organisation effectively.
Responsibility for overseeing the design, testing and implementation of all IT security solutions within your organisation stops with you. Oversight of the day-to-day maintenance and monitoring of your organisation's live production environments will also likely rest with you.
Strategic planning, leadership, staff development, training and adherence to all legal, compliance and regulatory requirements will likely also be under your remit.
This senior C-level role will involve you in organisational strategic decision-making, system implementations, and the adoption of new processes and procedures that improve the security and robustness of your organisation's infrastructure, IT projects and associated systems.
As Chief Infosec Officer you will oversee the teams working to identify known and emerging security threats, vulnerabilities, software bugs and exploits, and to safeguard your organisation against them. You will have overall responsibility for both the staff and the management processes that keep your organisation secure from these ever-present threats.
You will be ultimately responsible for overseeing your organisation's current data, IT and information security, and for any new software or hardware changes that affect overall data security.
The buck stops with you when it comes to defining, implementing and maintaining corporate security policy, and associated procedures.
More specific Chief Information Security Officer responsibilities may include:
1) Definition, scoping, creation and execution of IT and data security strategies that enhance the reliability and security of the IT systems, projects and underlying data at your organisation.
2) Overseeing the managers and teams you are responsible for, and allocating resources so that staff deliver secure and robust IT solutions to the organisation's identified and agreed requirements.
3) Overseeing the planning and execution of necessary vulnerability assessments, penetration tests and forensic IT audits and investigations, and ensuring that their findings are acted on to improve your organisation's IT security.
4) Liaise with senior level directors, the organisations board and other key stakeholders plus managers, programmers and IT Security risk-assessment staff under your remit.
5) Oversee the integration of new IT systems development with the organisation's overall IT, data and information security policies.
6) Oversee staff training in current security awareness skills, and check that the associated protocols, methodologies and procedures are actually implemented.
7) Ensure compliance with any related legislation and standards, such as the Data Protection Act, ISO standards (for example ISO/IEC 27001) or relevant government regulations.
8) Plan budget allocations and associated financial forecasts relating to IT, Data and Information security.
9) Manage your staff’s technical and personal development, new hires, dispute resolution, redundancy and potentially termination of staff.
10) Liaise with and manage your partners, stakeholders, vendors, and third party service or solutions providers.
11) Oversee the projects, budgets and resources under your remit with a view to ensuring that your organisation gets a favourable return on its investments in staff, hardware, software and service providers.
The job of Chief Infosec Officer is usually a daytime role, working an average of 40 hours per week although, as a senior C-level employee, you may be expected to work well beyond these hours when required, for example while a security incident is being handled.
What can you expect to earn as a Chief Infosec Officer (CISO)? The position of Chief Information Security Officer is a senior C-level role. Salaries will of course vary depending on your experience, qualifications, the organisation and the sector.
According to Payscale*, salary expectations for the role of Chief Information Security Officer are $105,916 to $254,716, or £81,473 to £195,935 at an exchange rate of USD 1.30 to GBP 1.
Sources: * Payscale – http://www.payscale.com/research/US/Job=Chief_Information_Security_Officer/Salary