Career Path: CISO to CIROStephen Katz Describes Next Strategic Challenge for Security Leaders
This is the point made by information security leader Stephen Katz in a new, exclusive interview.
"The transition from a CISO to a CIRO is only the state of mind as much as anything else," says Katz in his conversation with Tom Field, executive editor of Information Security Media Group (ISMG). "The transition is one of emphasis, where the CISO recognizes that protecting information is primarily a risk mitigation effort."
From traditional focus on technology and operations, the evolving CISO will require a centralization of risk management across the organization, with the growing need to identify risk relationships between business units.
According to Katz here's how the transition will take begin:
- The CISO, instead of reporting to the technology arm of the organization, will report as the CIRO to the chief risk officer (CRO), who will report to the CEO and sometimes directly to the board.
- The new CIRO will actively be involved with defining the different levels of risk and risk appetite of the corporation, identify which areas of risk are being impacted and come up with alternate solutions to manage and mitigate risk effectively.
- This transition will help the CIRO to work extensively with other C-level business executives to identify risk relationships. New responsibilities will include providing risk-based information to guide decisions, ensuring that the corporate strategic agenda reflects the most important existing and emerging risks.
For more insights from Katz on the transition to CIRO, please listen to the recorded interview.