Job Description: Chief information security officer

News by SC Jobs

The chief information security officer (CISO) is the head of information security, setting the security strategy and driving its implementation while protecting the business from security threats and cyber-attacks.

The CISO is also responsible for operational compliance with the ISO standards (such as ISO/IEC 27001) and other regulations that apply to the organisation. This is a senior role that commonly involves directing a team and taking a seat on the board.


The day-to-day

  • Creating and implementing a strategy for the deployment of information security technologies
  • Performing IT security risk assessments and reporting on ways to reduce the threats identified
  • Monitoring security vulnerabilities and attack activity across network and host systems
  • Keeping abreast of the latest cyber security technologies and attack techniques
  • Ensuring business continuity
  • Communicating with key stakeholders about IT security threats
  • Implementing an effective process for reporting security incidents
  • Overseeing the investigation of reported security breaches
  • Developing incident response plans and the criteria that trigger an investigation
  • Managing the IT security team, security experts and advisors
  • Ensuring the organisation complies with current regulations and compliance requirements
  • Championing security across the organisation and educating staff about current security strategies and technologies

Key responsibilities

  • Managing the daily operation and implementation of the IT security strategy
  • Continuously assessing current IT security practices and systems and identifying areas for improvement
  • Running security audits and risk assessments
  • Evaluating new security technologies and implementing those that address the organisation's risks
  • Overseeing the management of the IT security department, leading the team and developing staff
  • Ensuring compliance and governance requirements are met
  • Driving change projects and building new IT capabilities
  • Developing and implementing business continuity plans so that service continues when a change programme is introduced, when a security breach occurs, or when the disaster recovery plan has to be invoked
  • Protecting the intellectual property of the organisation at all times
  • Devising strategies and implementing IT solutions that minimise the risk of cyber-attacks
  • Reviewing and analysing security data and delivering reports on it
  • Communicating digital programmes and strategy to a range of stakeholders
  • Managing the IT security budget and communicating it to the appropriate parties
  • Reporting to the board and being an active member of the senior management team

Key skills

  • Digital leadership skills – capable of empowering and leading an IT team to meet business and IT security goals
  • Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment
  • Ability to adapt to a fast-moving IT landscape and keep pace with current thinking and new security technologies
  • A passion for technology and for safeguarding security, combined with a drive to deliver
  • Thrives on change, with a demonstrated ability to drive the IT security strategy forward
  • Analytical mind, capable of managing numerous information sources and providing data analysis reports to senior management
  • Strong customer focus – able to meet the demands of internal and external customers
  • Excellent communication skills – outstanding verbal and written communication with direct reports, senior management and other stakeholders
  • Flexible and adaptable – capable of changing direction where required and meeting new demands
  • Forms business partnerships that help drive the IT security strategy forward
  • Makes well-informed and timely decisions
  • Creative thinking – able to consider alternatives and new approaches when solving problems
  • Multi-tasking – can manage several concurrent projects and prioritise demands

Qualifications

A Bachelor's degree is the minimum, with many organisations selecting candidates who hold a computer science degree or a qualification in a related subject. A Master's degree in business administration is highly desirable.

Relevant experience

  • This level of seniority usually demands around a decade of proven IT security experience, but some companies will take candidates who are newer to the industry if they can demonstrate they are serious IT professionals
  • With many start-ups looking to differentiate themselves in the market, knowledge of current IT thinking and threat modelling methods, together with creative drive, can be enough to land the job
  • Change management and business process experience is ideal, together with a proven track record of driving large-scale change programmes
  • Experience of managing a team
  • A proven record of handling complex projects and meeting conflicting demands

Working hours

This is a senior-level position with an attractive salary package on offer. Working hours are typically contracted as a normal working week – Monday to Friday, 9:00am to 5:00pm – but a CISO is expected to work extended hours to match the peaks and troughs of project work, typically when a new system is implemented, to ensure business continuity.

Salary

Salary depends on the size and type of organisation, the scale of the IT department and the challenge on offer. Larger organisations may pay an additional bonus and incentive scheme. Smaller start-ups or emerging businesses may offer a lower salary in exchange for company stock and the chance to be part of a new venture. The typical salary range is between £50,000 and £170,000 per annum, with an average salary expectation of around £100,000.

Career opportunities

A CISO sits at the senior end of the organisation and, as such, there is no natural next move for many. Some may be approaching the end of their careers and opt for retirement, while those who entered the role at an earlier age may be keen to continue establishing themselves in it.

Here are some possible next steps:

  • Chief operating officer: often considered a viable option for those interested in moving into the business process and operations side of the organisation
  • A seat on the advisory board: a natural step for some
  • Starting your own business: for those with entrepreneurial flair, starting afresh with your own business is a possible option
