The chief information security officer (CISO) was an unheard designation a few years ago. However, with the increasing thrust to protect vital information assets, the CISO role is gaining prominence amongst Indian organizations. Automation and digitization of businesses and changes in the regulatory environment are expected to provide further push the CISO’s role in an organization. Let’s take a look at the changing significance of the role of a CISO as well as the various essential prerequisites to apply for it.
The CISO’s role has significantly evolved in recent times, with several Indian CISOs establishing themselves. A CISO role is pivotal to protect the information assets of an organization. For certain industries like bank and telecommunication, the CISO role is stipulated by government authorities. Organizations where a CISO role is not defined handle security issues in a reactive manner. Hence, CISO role is extremely crucial to lend different perspectives to information security as well as continuously drive the security strategy within an organization.
Usable career paths for CISO role aspirants
Traditionally, the technology guys are known to graduate to a CISO role. However, people who have worked in the risk and audit areas can do an equally good job. Professionals with certifications like certified information systems auditor, certified information security manager (CISM), and certified information systems security professional are easy fits for a CISO role. More than a technical certification, having the right kind of experience is important to apply for a CISO role.
A person who wants to handle a CISO role should have a finer understanding of the different aspects of information security, which is a vast field. An experience in the areas of awareness, change management, risk management, and technology will also be helpful. The current leading CISOs may not have an information security background, which is a recently developed domain. However, the new generation of professionals might directly start their careers from information security itself and hence, may not have a broader understanding of other areas, which is not necessarily bad. However, it’s always preferable to first understand business or technology and gradually diversify into security rather than picking up the role from day one.
Prerequisites for a CISO role
Business skills: To reach a CISO role, you need to understand your business, its goals, customers, various regulations, and risk appetite. You should be realistic while setting up security related expectations, and check whether people will be able to achieve it.
Soft skills: A CISO role warrants excellent communication skills with the management, team, industry colleagues, and vendors. A CISO may have the most brilliant ideas in terms of technology, but if he is unable to communicate, explain, and influence the business people, the proposals may not get approved. A CISO should be able to innovate, design future roadmaps and have good document presentation and focused planning skills. He should be a good leader with a clearly guided team so that everyone is focussed on one agenda.
About the author: Vishal Salvi is the CISO of HDFC Bank. Salvi has a CISM certificate and speaks at various conferences on the leadership aspects of a CISO role.
(As told to Dhwani Pandya)