A few years ago, hiring a Chief Security Officer (CSO) would have been superfluous. However, as companies continue to expand their technological footprint, they are also more vulnerable to cyber attacks. Having a CSO on board is necessary to alleviate cyber-security risks.
Much of the challenge in hiring one comes from defining the CSO's role against that of the chief information officer (CIO). Indeed, the job responsibilities of a CIO are quite different from those of a CSO. The common misconception is that the two positions would be adversarial, but the reality is they often collaborate.
CIOs ensure that the information-technology infrastructure enables employee functionality. They use technology to create efficiencies in the company. CSOs safeguard intellectual property or protect against data breaches. For the most part, the CSO helps C-suite executives make judgments by lending an independent voice to the discussion.
The main function of a CSO is to lower a company's risk with respect to the security compromises that can happen via a network. From a board-level perspective, CSOs give visibility to and quantify the risks in a company. It's helpful to have a role dedicated to those responsibilities, Carpenter says.
Typically, CSOs ensure there are adequate policies and procedures in place for cyber and physical security. Then, they assess the security risk relative to those policies and procedures. From there, they are responsible for identifying gaps in those policies and procedures to the C-suite and the board.