Who Does What in Cybersecurity at the C-LevelAs security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.
1 of 8
Image Source: Shutterstock via Cartoon Resource
What’s in a title? As the threat landscape grows more severe, job titles and lines of reporting will continue to change for security professionals. For example, last year’s CIO 100 found that 70% of CISOs report directly to the CIO, while IDC predicted that during 2018, 75% of CSOs and CISOs will report directly to the CEO.
Rob Clyde, a vice chair on the board of directors at ISACA, says just about all C-Suite players will have a seat on the board of directors in the future – and they’d better be ready.
"However technical these people are, they still have to understand the business and explain the technology to the board in plain English," Clyde says.
John McCumber, director of cybersecurity advocacy at ISC2, says the Chief Data Officer will continue to play a more important security role at many companies – and should have a seat at the table. "Organizations live and die by data," McCumber says. "We are coming to the end of the 'era of threat' and now have to accept that the threats will exist and that we have to deal with them."
Here's a look at seven important C-Suite job titles in security: CISO, CRO, CTO, CIO, CPO/CDO, CFO, and CAE, and their key security roles as defined by ISACA's Clyde and ISC2's McCumber.
Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio
1 of 8