• Build information security strategy
• Develop Information Security Management System (ISMS) program
• Assess and advise on all forms of cyber risk and remediation plans to address them
• Operationalize the security strategy with cyber security projects involving people, process, and technology
• Identify compliance mandate and build security controls to satisfy regulatory and legal requirements
• Lead the security teams and manage the internal and external stakeholder relationships
• Provide security awareness and training to employees and board of directors

• Partners with the Legal Team to reduce Litigation Risk – CISO ensures the security activities and operations support any existing or expected legal obligations. CISO translates the legal obligations to security requirements and map them into security controls to provide an assurance that the litigation risk is minimized.
•  Works with Information Technology (IT) Team to reduce Technology Risk – CISO helps IT teams remediate security vulnerabilities and design information technology capabilities with sound security controls.
• Communicates with Compliance Executives to mitigate Regulatory Risk – CISO identifies the gaps in meeting the existing and upcoming regulatory compliance mandate from security and privacy standpoint, and implements security controls to mitigate regulatory risk.
• Collaborates with Human Resources to build a security-aware culture – CISO helps shaping security awareness and training activities to build a strong security culture to prevent accidental or malicious activities stemming from the workforce.
• Partners with Chief Risk Officer to capture and translate technical security risks into business risk – CISO helps register security risks into enterprise risk registry as business risks and articulates the realistic picture of company risk arising from security gaps to the board and executive leadership. The business and financial risk derived from the technical security risks help the board better understand and support risk mitigation efforts.
• Works with Procurement Team to ensure security is integrated into the third-party contracts – CISO helps procurement include security requirements into the contracts that third-parties need to comply with.
• Communicates with the Board to provide update on security program and obtain support and funds to improve security posture – CISO translates security requirements, goals and reports into digestible chunks that a board of directors can fully understand and support.

The CISO role combines great technical security skills with impeccable personality, and outstanding business skills. Finding someone with such all-round skills that can also fit into the company culture is a challenging task. Here are some of the attributes that might help you select the right Chief Information Security Officer for your organization.

• Leadership and management experience to provide direction and lead teams effectively
• Cyber security experience to direct the implementation of security controls to reach business goals
• Strategic thinking to develop long-term security plans to manage risk within a limited budget
• Ability to make risk-based business decisions and ability to execute them
• Ability to communicate with the board of directors providing actionable metrics.
• Ability to work with leadership teams from IT, Legal, HR, Compliance, Procurement