Who Does What in Cybersecurity at the C-Level

As security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.

Steve Zurier, Contributing Writer, Dark Reading

March 16, 2018

8 Slides

What’s in a title? As the threat landscape grows more severe, job titles and lines of reporting will continue to change for security professionals. For example, last year’s CIO 100 found that 70% of CISOs report directly to the CIO, while IDC predicted that during 2018, 75% of CSOs and CISOs will report directly to the CEO.

Rob Clyde, a vice chair on the board of directors at ISACA, says just about all C-Suite players will have a seat on the board of directors in the future – and they’d better be ready.

"However technical these people are, they still have to understand the business and explain the technology to the board in plain English," Clyde says.

John McCumber, director of cybersecurity advocacy at ISC2, says the Chief Data Officer will continue to play a more important security role at many companies – and should have a seat at the table. "Organizations live and die by data," McCumber says. "We are coming to the end of the 'era of threat' and now have to accept that the threats will exist and that we have to deal with them."

Here's a look at seven important C-Suite job titles in security: CISO, CRO, CTO, CIO, CPO/CDO, CFO, and CAE, and their key security roles as defined by ISACA's Clyde and ISC2's McCumber. 

About the Author

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights