“One of the primary reasons I want to leave my company is because I feel that there is no support from the CEO in regards to information security. Security is viewed as nothing more than "checking the PCI box."
Whether the issue is software reviews, disaster recovery or security awareness, any attempt by me to offer any type of improvement is shot down even though many of my suggestions involve a change of procedure which involves very little (or no) financial burden. My job is to write policies, get the company PCI certified and present myself to potential customers when they ask about our security posture.
I report directly to General Counsel who reports directly to the CEO so I would consider myself fairly high up the corporate chain. The problem is that the CEO does not give me the impression that he's serious about security nor will he change his mind anytime soon.”