Chief Information Security Officer (CISO)
The CISO is the person responsible for the strategy and vision of information security within an organization. This is usually a senior-level position, and many multinationals have now appointed a CISO or a more general Chief Security Officer (CSO). The main goal of the CISO is to determine the right security program to protect information assets appropriately.
Common tasks of a CISO might include implementing an ISMS, creating or maintaining policies, performing risk management, and determining compliance and legal requirements within IT. Due to the growing demand for securing information, the CISO will often be involved in risk management, compliance (e.g. PCI-DSS, GLBA, HIPAA, SOx), security programs, security architecture, privacy protection, incident response handling and forensics, Identity and Access Management (IAM), disaster recovery or business continuity programs, vulnerability scans and threat analysis.