The CSO and CIO roles are heavily dependent on each other. However, the CSO should regard the CIO as first amongst equals, a role to lean on for advice and fortitude. Regardless of the reporting relationships, the CSO and CIO must collaborate to manage information and its associated risks.
CSOs realize that perfect security is unachievable and therefore need to drive the decisions about identifying risks, their treatment and the residual risks. To make such decisions, the CSO operates in conjunction with a cross-functional team that consists of the CIO, other C-level leadership, various business unit heads, and the general counsel.
Businesses inherently take risks. Activities such as mergers, acquisitions and business outsourcing all provide opportunities for growth and cost savings while introducing such risks. As a result, board members and CEOs are now more aware than ever before of the need for IRM.
Combined with the inexact nature of risk management, this awareness has elevated the role of the CSO. The CSO is needed to marshal strong involvement from a cross-functional team whose members bring together their best collective experiences to manage the business risks. We expect the trend to continue, resulting in the hiring of more CSOs and their placement outside the IT organization.
Nalneesh Gaur is a principal with Diamond Management and Technology Consultants.