The pandemic has accelerated the need for enterprises to strengthen their cybersecurity infrastructure and has fueled the job market for security professionals, especially CISOs. However, many organizations still don’t provide the C-suite level authority and resources the role demands.
The pandemic has created new challenges for businesses as they adapt to an operating model in which remote working has become the new normal. Businesses are accelerating their digital transformation journey, especially since cybersecurity is now a huge concern. This has driven demand for CISOs everywhere, as enterprises don’t want to be targeted by cyber-attacks that can cause significant damage, both reputational and financial. But many enterprises, usually in their hurry to strengthen their enterprise infrastructure, are still not sure what the roles and responsibilities of CISOs are apart from meeting regulatory requirements.
Before considering a new CISO position, candidates should thoroughly understand the roles and responsibilities they will be given.
Here are a few factors that experienced CISOs must assess before accepting their next CISO position:
- C-level status
According to a 2020 Forrester report, only 13% of CISOs are considered C-suite. Hence, before taking on the position, CISOs should ask whom they will report to. The reporting line shows how invested and serious an enterprise is about its security. Unless the CISO reports to the CEO, or to the CIO with a line to the CEO, they should reconsider accepting the position.
- Poor job description
CISOs must look for hidden meaning in the job description. Words like ‘hands-on’ and ‘compliance’ show that the company is small and just trying to check a box or two for regulators. Furthermore, if the enterprise is asking for an unreasonable level of skills along with over two decades of experience for an executive CISO role, it should be considered a big red flag. This reveals that the enterprise lacks an understanding of the CISO job requirements. It also indicates that there will be less support from upper management, which will create a chaotic environment.
- Why is an enterprise hiring a CISO?
Though enterprises may have many reasons to hire a CISO, they are ultimately looking for a strategic partner who will help them reach the next level of security. Candidates should see whether enterprises are looking for security executives who can convey security and risk issues in a way that aligns with their business goals. Furthermore, they should see whether enterprises are looking for someone who has a more holistic approach to risk, has a collaborative style and thinks of cybersecurity as a business enabler.
- The Culture
Candidates should review the CIO’s track record to identify whether they are a good cultural match and whether the CIO considers the CISO a strategic partner. Candidates should also look at the size of the IT security professional staff and find out if there is room for growth.
Accepting a new CISO position can be tempting, especially in today’s scenario where there is an abundance of job opportunities in the market for experienced CISO professionals. However, overlooking the above factors can land candidates in a role they may come to regret later.