What to Look for When Recruiting a Chief Security Officer

2 Oct., 2018

With data breaches a near-constant headline, the search for the perfect Chief Security Officer is on. If you don’t have one, now’s the time to get one – here’s what to look out for in a top candidate. 



The chief security officer is a vital part of any enterprise company’s cyber security strategy.

Responsible for information and technology security, the Chief Security Officer, or CSO, is often also called the Chief Information Security Officer, or CISO. In practice a CSO’s remit sometimes extends to physical security as well, while a CISO’s is limited to information security, but for the purposes of this article we’ll use CSO and CISO interchangeably to mean the executive in charge of protecting a company’s sensitive information and the networks and systems that hold it.

More companies these days are hiring CSOs. According to the Wall Street Journal, 65 percent of U.S. companies had a chief security officer in 2017, up from 50 percent in 2016. The rise in CSO hires can be attributed to the growing threat of cyber-attacks and data breaches that companies face. Since reported data breaches reached a record high in 2017, you can expect more companies to be looking for a CSO to improve their information security.

But what does a CSO handle exactly? And what qualities should you look for when recruiting one?

Chiefly, the CSO oversees data protection and data security. Depending on the size and type of company, they could be a lone officer, an officer in charge of a team of security professionals, or an outsourced firm. They’re in charge of planning and implementing the procedures and tools required for monitoring databases, firewalls, and entry points within a company’s information system.

As such, CSOs require a comprehensive background in security architecture, identity and access management, data loss prevention, and threat intelligence. Their tasks include defining the security strategy, putting access controls and security tooling in place, and testing those controls through “white hat” or ethical hacking methods such as penetration testing, which means finding and remediating system vulnerabilities and keeping systems current with patches.

Besides technical competence, CSOs must be knowledgeable about the compliance, regulatory, and consumer-protection laws that apply to their company’s industry. In the health sector, understanding the Health Insurance Portability and Accountability Act (HIPAA) is vital. In finance, there’s the Gramm-Leach-Bliley Act (GLBA). Generally, if your organization collects customer data, it is subject to at least one compliance regime, and these typically require that personally identifiable information be protected, often through encryption. CSOs must understand the nuances of these laws and be able to implement the controls necessary to adhere to them.

Since they’ll be setting up security efforts companywide, CSOs should also have some interdepartmental and business knowledge. To implement security procedures, they’ll have to coordinate effectively with finance, human resources, legal, and other departments, and be able to explain complex technical subject matter to stakeholders, investors, and C-suite leadership as well as regular employees. Accordingly, CSOs should have superb communication and leadership skills, including a willingness to educate and train staff, since ensuring company-wide adoption of IT and security policies often falls under their purview as well.

Besides all that, CSOs should know the best practices in cyber-security, especially encryption, and stay on top of rapidly changing compliance regulations. For more information about how eperi Gateway can help CSOs reach their security and compliance goals, contact eperi.
