CISO
Role summary
A chief information security officer creates an environment and culture in the organisation that ensures the security of its information and technology. They enable the organisation to achieve its objectives and deliver services in a safe and secure way.
The Chief Information Security Officer role is part of both the Government Digital and Data profession and the Government Security profession.
Role expectations
In this role, you may:
- create a strategy for information and cyber security that supports both the organisation’s strategy and wider government security strategy
- lead the organisation in implementing the information and cyber security strategy
- evaluate the current status and maturity of information and cyber security in the organisation
- determine how to get to the level of information and cyber security maturity the organisation needs
- understand risks across the organisation and advise the board and other leaders on how to mitigate risks in their areas and in future plans
- enable the organisation to be innovative in a safe and secure way
- ensure the organisation is prepared for cyber attacks and can detect, respond to and recover from an attack
- ensure that information and cyber security aspects of crisis management are effective
- encourage a culture of cyber security awareness and good security practices
- implement practices to increase the maturity of information and cyber security
A specific Chief Information Security Officer job can vary depending on the context and challenges in your organisation.
Skills
Skill | Principle |
---|---|
Applied security capability | Expert |
Cyber Security operations | Expert |
Incident management, incident investigation and response | Expert |
Information risk assessment and risk management | Expert |
Risk understanding and mitigation | Expert |
Security architecture | Expert |
Threat intelligence and threat assessment | Expert |
Threat understanding | Expert |