SecurityRecruiter.com's Security Recruiter Blog

Wednesday, July 07, 2010

CISO and CSO Reporting Structures

While working on a recent CISO recruiting assignment through SecurityRecruiter.com, I was fortunate to speak with many different CISOs across the country. There is always a lot to learn from working with these successful security professionals who have made it to the top of the corporate information security profession.

One recent conversation with a CISO really stood out because the reporting structure he described was somewhat different. A CISO in a financial services organization explained that his reporting line, which had previously run to the CIO's office, had been shifted to the Chief Legal Counsel.

I asked the CISO what such a reporting structure change meant to his future. He described the structure as being one where he no longer had to sell security business propositions. Instead, in his experience, the Chief Legal Counsel was entirely focused on reacting to legislation, rules and regulations.

In this CISO's opinion, the days of sitting down with line of business owners to determine how to align security and risk management programs with the needs of the business were gone. Instead, he described his new job as being entirely reactive to regulations, at the expense of proactively building a best-practices security program. This is one CISO's point of view. I wonder whether other CISOs who report to legal have experienced similar circumstances.

Reporting structures for CISOs are all over the map. The same can be said of the CSO office. A CSO of a global Fortune 10 financial services company recently shared his reporting structure with me. This CSO came from a finance and operations background before stepping into security, whereas most of his peers had careers in the military, law enforcement or a federal agency before stepping into a CSO position.

He explained that while he is closely aligned with the CEO of this global company because of his strong business background, the boss he has reported to has changed five times over the past five years. He has reported to human resources, risk, compliance, finance and legal. No particular reporting structure stood out as being better than another to this CSO. He concentrates on serving the needs of his line of business customers and on focusing on where the CEO wants to take the organization.

I’ll share more insights on CISO and CSO reporting structures as I talk to more “C” level security leaders.

