A cyber-attack happens every 39 seconds. That adds up to more than 2,200 attacks per day, with each attack averaging about $3.9 million. Technology is forever evolving, and without the right protection you could easily become the next victim. That’s why it’s so important to have a Chief Information Security Officer (CISO) on your board.
What is a Chief Information Security Officer (CISO)?
The title is often used interchangeably with Chief Security Officer (CSO) and VP of Security. This position is considered an executive-level role. It is regarded as a fairly new C-suite role, being less than 25 years old. The main objective of the job is to develop and deploy an information security program consisting of policies and procedures designed to protect an organization from internal and external data security threats. CISOs traditionally work alongside the Chief Information Officer (CIO), but that varies by company. In most cases, there isn’t a uniform reporting structure.
The Roles and Responsibilities of a Chief Information Security Officer
Being a Chief Information Security Officer requires a lot of knowledge across several different industries. Beyond that, you have to be able to look at your job from four different perspectives. According to Deloitte, there are four parts of a CISO, or what I would call perspectives of a CISO: the technologist, the guardian, the strategist, and the advisor.
The first one is the technologist. The technologist will probably come naturally, since you have been working in the technology industry for the majority of your career. As the guardian, you protect your business assets by not only understanding the cyber-threat landscape but also making sure they are effective and keeping up with the trends that are forever changing. Next, we have the strategist. The strategist aligns the business strategy with the information security strategy. This allows everyone to be on the same page and have a mutual understanding. Lastly, we have the advisor. The advisor integrates with the business to educate, advise, and influence when necessary.
Skills needed to become a CISO
As it pertains to the skillset, you will need much more than technical skills to be successful in this job. You could break these skills up into several sections.
You have your soft skills such as:
Then you have your industry skills. These can be built through experience, certifications, and/or education. Industry skills would include:
- Risk assessment and management
- Policy development and administration
- Incident management
- Knowledge of regulation and standards compliance
Some ideal certifications would be:
- Certified Encryption Specialist (EC-Council ECES)
- A+ (CompTIA)
- Cybersecurity Analyst Certification, CySA+ (CompTIA)
- Network+ (CompTIA)
- Network Vulnerability Assessment Professional (CompTIA)
It is also recommended that you have business knowledge. Within this role, you are not only dealing with technology people, but also with other C-suite executives. You must be able to communicate effectively and in a way that lets both parties understand the topic at hand.
How a CISO can impact your FinTech
A CISO would be a great investment for any FinTech company. As stated above, their main focus is to protect their organization internally and externally. An example of internal preventative measures would be phishing tests. The CISO can set up ways to prevent employees from exposing themselves to the wrong person. This will in turn equip your staff with cybersecurity policies and help your employees become more aware of current trends within security.
When to hire a Chief Information Security Officer
When it comes to the timing of hiring a CISO, it’s always wise to be proactive. It is not recommended to wait until you’re overwhelmed or, worse, until your system is hacked to seek a CISO. Do you need one right at the start of your company? Probably not, but as stated previously, you shouldn’t wait till you’re overwhelmed.
When beginning your search, it is recommended that you start internally. This is mostly because CISOs can be extremely hard to find. Look at your IT/infosec team and see who would have a great balance of technical and leadership skills. It would also work out because the candidate would be familiar with the team and could already know what areas they want to improve on.
Overall, hiring a CISO is worth the investment because the time and effort you put into finding the right candidate will save you the time and money of paying for hacks/attacks in the future.
At Storm2, we are specialists in connecting professional CISO candidates with successful FinTech start-ups and scale-ups across the globe. We pride ourselves on supplying the best talent and culture fit for FinTech firms due to our niche recruitment specialization. Our team of specialist consultants can advise you on the process and find the perfect company for you.