866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

«  View All Posts

7 Characteristics of a Chief Information Security Officer Blog Feature
ROBERT TYLKA

By: ROBERT TYLKA

Print/Save as PDF

7 Characteristics of a Chief Information Security Officer

Education

Chief Information Security Officers (CISOs) aren't what they used to be. According to the Identity Theft Resource Center, data breaches exposed over 169,068,506 confidential records in 2015. Before cybersecurity became top talk within the IT world, CISOs were responsible, in general terms, for security. Today, they play a much more integral role in the enterprise.

CISOs are the senior-level executives tasked with identifying, developing, implementing, and maintaining security-related processes to protect organizations from operational risks and data breaches. A CISO’s key responsibilities may include:

  • Developing and enforcing security-related policies
  • Monitoring compliance
  • Preserving data privacy
  • Managing Computer Security Incident Response Teams
  • Overseeing ID and access management
  • Managing security architecture for the organization
  • Performing digital forensic investigations or electronic discovery
  • Contributing to the development of disaster recovery (DR) and business continuity plans

In other words, CISOs act as trusted advisers, using data to help their organization become more agile in the marketplace and make wise business decisions without unnecessary risks. They are the protectors of brand image, the liaisons between the organization, stakeholders, customers and employees, and the gatekeepers of the most important data assets within an organization.

Ever on their mind is the possibility of technical threats, regulatory constraints, and business risks as they relate to revenue and reputation. It’s a big job that’s becoming increasingly more complex and stressful, which calls for a very specific type of professional. Here are seven characteristics of a successful CISO:

1. High-Pressure Problem Solvers

Data protection is like a moving target, as such CISOs have be excellent problem solvers in order to successfully rise above security obstacles. CISOs relish a good challenge and have the unique ability to walk the line between day-to-day management and long-term vision, always with the understanding that every decision they make could have major ramifications.

2. People People

Part of their focus is maintaining their organization’s reputation, which means working with customers on a daily basis and dedicating themselves to helping solve issues across the organization, or delegating the task to someone inside the company who is equally or more capable. They communicate with stakeholders who may not have a well developed IT understanding or vocabulary. They nurture relationships to develop a helpful network of resources and they create understanding across the board. None of this is successful unless a CISO is inherently a “people person.”

3. Globally Aware

Today, information flows freely without borders and compliance mandates do not translate seamlessly across all countries. That means CISOs not only require a specialized understanding of the compliance standards directly related to U.S. operations, but also international regulatory standards like those of Europe, Asia, Latin America, the Middle East, and Africa. It’s an incredibly complex network of rules and standards that impact how quickly and effectively issues can be solved. This degree of complexity is forcing CISOs to develop greater skills related to IT, law, and business.

4. Metric-Minded

Data is the foundation that enables security and compliance teams to defend against misconfigurations, hyper-attacks, and malicious insider threats. The best CISOs know this and religiously use data to drive decisions. For CISOs to be successful, they must be comfortable with constant change, both internally and as it relates to the security threats they face. Instead of being reactionary, they forecast and recommend changes based on concrete data (not fear) to mitigate risk and clearly convey the need for change.

5. Introspective

CISOs use data to measure their own performance and the performance of others within their organization. They bring data full circle, looking beyond face value to understand what the information means in terms of business operation and performance. CISOs use their findings to address weak points and better protect confidential information.

6. Business-Minded

As mentioned briefly above, CISOs are business-minded individuals. They think about security in terms of business opportunity and make decisions based on how it will affect profits, efficiency, and competitive edge. That means they also have a deep understanding of business and what’s most important to their organization. Under the pressure of bottom-line health, they protect their company as efficiently and resource-conscious as possible.

7. Workaholic Tendencies

There is no rest for the wicked and CISOs know that. Many work long hours and weekends to stay ahead of the curve, and relentlessly monitor their organization as well as changing trends in cybersecurity to ensure proper defenses are in place. Hand in hand with this characteristic is humility. CISOs have a deep respect for the capabilities of their adversaries, and to remain vigilant guards. They must accept their weaknesses and endeavor to improve upon them.

The role of CISO is ever-changing to meet growing demands in cybersecurity. But one thing remains consistent: these professionals are critical to the protection of the organization and are becoming an increasingly integral part of top business decisions.

About ROBERT TYLKA

Robert Tylka is a Principal at Schellman. With over 16 years of experience in providing IT attestation and compliance services, Robert currently leads the Midwest practice at Schellman where he specializes in SOC 1, SOC 2, ISO 27001, and HIPAA reporting. In his portfolio, he also oversees engagements that include FedRAMP, HITRUST, PCI, and various Privacy reviews. To date, Robert has provided services to clients in the financial services, information technology, governmental, human resources, insurance, and manufacturing industries, among others. Robert has also provided professional services to companies of all sizes during his career, including Fortune 500 and publicly traded companies, with a strong focus in the technology sector.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.