6 top attributes employers want in new CISOs

Looking for your next position as a CISO, preferably one with more pay, better benefits, and more on-the-job responsibilities/respect? Then you need to know what skills and qualities prospective employers are seeking now from their CISO hires to maximize your chances of getting your dream job. Here are the top six attributes recruiters say organizations are looking for in a CISO.

1. Previous CISO experience (probably)

Today’s employers expect new CISOs to bring a wealth of skills to their positions. According to Burke Autrey, partner and CEO of IT talent recruitment firm Fortium Partners, organizations are seeking experienced candidates who have served as CISOs “multiple times at multiple companies.” In their previous positions, their duties will have covered “governance, compliance, monitoring/threat detection, and incident response as a leader,” he says. Such CISOs will have also gained experience in managing “budgets, people resources, peer executive and board interaction, and law enforcement and insurance liaison responsibilities.”

“Our clients are looking for past experience with breached or compromised situations and how they dealt with them, where they may have missed something, how they reacted to it and how they shored up their companies’ defenses,” agrees Michael Piacente, managing partner and co-founder of executive search firm Hitch Partners. At the same time, many smaller firms are willing to consider giving security professionals their first CISO jobs, as long as they have the necessary skills.

2. Expertise in product security

“The first most important skill, without a doubt, is a thorough knowledge of application and product security,” says Piacente. “This is the ability to collaborate at a very deep technical level with product development and engineering teams.”

This is especially true for technology companies. “Most of our clients are in high-consequence, disruptive software companies where their product/application security compliance, customer enablement, and hiring are key to their platform success,” Piacente says. “Security in their world is not just a necessity or a checkbox item, but a feature of their actual platform.”

3. Ability to anticipate regulatory and threat risk

Another must-have skill is being knowledgeable about governance, risk and compliance. “Companies want a CISO who understands the nuance of taking a company down the path of certifications such as ISO or SOC2, FedRAMP, or NYDFS [New York Department of Financial Services],” Piacente says. “A prospective CISO needs to have been through these full cycles to understand the nuances of what their company needs versus what they don’t need.”

Copyright © 2022 IDG Communications, Inc.
