Sunday, November 9, 2014

The Chief Information Security Officer, Big Shoes to Fill!

This week, we have been looking at personnel and security. One of our assignments was to write a job description for the Chief Information Security Officer (CISO). We have been following a newly appointed CISO throughout the class, so I thought it would be easy. It was a bit more difficult than I thought. Additionally, there is a LOT the CISO is responsible for, based on the job descriptions I looked at for guidance.

I looked mainly at CareerBuilder in my quest for more information and found 31 jobs advertised for CISO. Looking at the job descriptions, it should be no surprise that the CISO is responsible for the information security and risk management programs. Another resonating topic I noticed while looking at the job descriptions was communication and supervision. This should not be a surprise, since we are looking at a top-level officer in the organization. I did find something surprising, however.

I was surprised to see the experience and education requirements for a CISO in most of the listings. The listing for LRS.com did not list education as a requirement, but did ask for a minimum of seven years of experience. Another listing, a CISO job for Teledyne Technologies, indicated a minimum of five years' experience. I based my assignment on those factors, but then I began to think about it. Is that really enough experience?

After more consideration, I would change my requirements on the job description to require at least 10 years in the IT field and, preferably, a majority of those in management. If you think about the role of the CISO, it is an important asset in the organization. The CISO is the person ultimately responsible for everything related to the IT systems, their security, and the security and privacy of data. When a breach occurs, it is likely going to be the CISO answering the questions and trying to figure out just what happened. Is this where you want inexperience?

Don't get me wrong. There are a lot of individuals who excel on the job and move up the ranks very, very quickly. Perhaps these organizations are looking for those top-performing, quick-moving individuals. My concern, especially if I were hiring a top-level manager, is that less than 10 years just might not be enough to learn the skills necessary to head the IT operations. Am I wrong? Perhaps. Would I be elated to receive the job with just five years' experience? You bet!

Referenced Sites

http://www.careerbuilder.com/jobs/keyword/ciso
