Guide to Hiring a Chief Information Security Officer (CISO)
Explore the role of a CISO, from key responsibilities and skills to CISO salary expectations, and gain insight into a successful hiring process.
In 2020, Australian companies reported 1,051 known data breaches to the Office of the Australian Information Commissioner, with most involving ransomware attacks. This underscores the critical need for a capable CISO (Chief Information Security Officer) who can effectively safeguard company data.
Organisations that hire a CISO understand the importance of investing adequate funding in strengthening their cybersecurity.
What is the role of a CISO?
A CISO has many responsibilities, chief amongst them being the establishment of appropriate security and governance practices.
As the guardian of your information security, the CISO protects the organisation’s proprietary information and other sensitive data; this is a big part of the role.
Other CISO responsibilities can include:
1. Compliance
IT compliance differs from IT security. Both encourage businesses to practise due diligence to protect digital assets, but only compliance ensures that the processes in place meet third-party requirements.
This is hugely important for global corporations. If they choose to do business with a country that has strict privacy laws or in a heavily regulated market like healthcare, they must prove that their methods for protecting digital assets and other sensitive data comply with the rules.
A CISO will develop protocols that satisfy the security requirements for all interested parties. This requires knowledge of all enforceable regulations and strong communication skills.
2. Cyber resilience
An organisation can have the best strategy in place and still fall victim to a cyberattack. One of the roles and responsibilities of a CISO is to detect breaches when they occur. Cyber resilience involves both defending against a security attack and helping an organisation recover quickly if a security breach occurs.
An IBM research study revealed that discovering a breach takes, on average, up to 280 days. So, the sooner a CISO can contain a breach, the better.
IBM estimates it takes most organisations roughly 53 days to get a handle on things and secure their systems. An important role of the CISO is to establish a robust disaster recovery plan that includes a component for communicating an information security breach to stakeholders. Part of those communications must contain proposed improvements to defence and response strategies.
3. Documentation
Keeping detailed and updated documentation allows a CISO to provide evidence they are following best practices. Security policy domains for compliance, governance, incident management, and risk management should be included with all documentation. All reports should be convenient to access by authorised parties.
4. End-to-end security operations
A CISO will also design a strategy that addresses the end-to-end lifecycle of data and information security operations. This involves evaluating the IT threat landscape, devising a policy to reduce risks, and leading compliance plans. A crucial component of end-to-end security operations is ensuring employees and other relevant stakeholders are security-aware.
5. Evaluating employee behaviour and organisational culture
How employees understand and approach IT security can be as important as the systems that govern it.
Remote working, as prompted by the global pandemic, has increased the opportunity for workers to access proprietary information. Disgruntled employees are also a major cause of breaches, with around 30 percent of all breaches in 2019 being attributed to insider attacks. CISO goals should always include provisions to reduce internal threats.
What is the salary of a Chief Information Security Officer (CISO salary)?
The salary of your CISO will depend on the size of your organisation and the anticipated requirements of the role.
According to PayScale, the average Chief Information Security Officer salary in Australia is AU$176,309. That is just the median salary. CISOs with high levels of experience can expect to command up to AU$267,000 annually. Fortune 500 corporations are willing to pay annual salaries of $400,000 or more to attract top CISO talent. These salary projections do not take into consideration any bonuses or profit-sharing perks some organisations provide to their CISOs.
CISO jobs continue to be in high demand in Australia and across the globe. If your organisation is in the market for a CISO, working with a firm with access to the best talent can increase your chances of landing a quality candidate for the role.
What are the key skills of a good CISO?
We recommend a combination of both technical skills and people skills for a high-performing CISO.
- Technical know-how: Whilst earning a degree in cybersecurity or another related field is important, nothing trumps on-the-job experience. CISOs with years of field experience will have creative problem-solving skills that allow them to quickly resolve issues as they arise.
- Diplomacy: Solid communication competencies are second only to technical skills for CISOs. Diplomacy, especially when dealing with key stakeholders and the C-suite, is part of being an effective communicator.
- Decisive leadership abilities: If your organisation is unfortunate enough to experience a data breach, you need a CISO who can immediately take control of the situation. When you hire a CISO, you want to make sure that the person possesses the ability to quickly regain control of a security situation whilst instilling confidence in others.
- Commitment to professional development: Data security is ever-changing. Before you hire a CISO, make sure your candidate is devoted to ongoing skill development. The nature of malicious attacks is always changing, so you need a CISO who is willing to change with it.
- Business acumen: A failure to understand the work culture, goals, and strategies of the organisation can prevent a CISO from performing well in the job. Before a CISO can identify critical data they must protect, they must have a firm grasp on all business operations.
What is the hiring process for a CISO?
Given the demand for CISOs and the complexity of their roles, you need a recruitment firm that specialises in identifying and securing top talent in IT, digital, technology, and product roles.
Recruiters with a trusted track record of placing top talent and access to valuable industry relationships can provide organisations with the best pool of CISO candidates.
Finding the right fit
Developing data management and security protocols is one of the most important tasks any organisation can undertake. Hiring the right CISO can help reduce your chances of experiencing a costly data breach.
Latitude IT is a forward-thinking recruitment firm specialising in identifying and placing top talent in IT, digital, technology, and product roles. When you need to hire a CISO, we ensure a positive experience throughout the recruitment process. We provide access to only the best people, delivering the right fit for your CISO role.
Do not risk placing the security of your most sensitive data in the wrong hands. Partner with us to hire a CISO.