We all know that the big boss is usually the chief executive officer (CEO) or the managing director. In businesses of significant size, the CEO typically reports to a board of directors, who are responsible for providing strategic direction to the business and for ensuring that the CEO stays on target and protects their investment.
Beneath the CEO, there are usually C-level executives who are appointed as custodians of business functions, such as finance, information technology, strategy, operations, sales, and marketing. In each case, these executive appointments come with titles, such as chief financial officer (CFO), chief information officer (CIO) and chief operating officer (COO). Every member of the executive team has a subset of responsibilities delegated to them by the CEO: the CIO, for example, is responsible for the business’s information and technology strategy, while the COO is responsible for the day-to-day running of business operations.
The information security manager must work closely with whomever is responsible for business risk and become their ally. In many cases, the CEO will delegate information risk to the CIO, so the information security manager reports directly into that part of the organization.
In some organizations, where the level of security understanding is high and the executives understand the need for seniority in the security role to help with the execution of strategic security programs, the information security manager’s job is elevated to a board-level position, acquiring titles such as chief information security officer (CISO) or chief security officer (CSO). The reality of today’s business environment is that as security becomes increasingly important in the boardroom, the most senior security role moves up in the organizational hierarchy, making it more accountable and more effective.