For this week’s Toolkit Insider Series, we will be taking you through the Chief Information Security Officer Job Description template from the ISO27001 2013 ISMS Standalone Documentation Toolkit.
Is information security top of your board’s agenda?
It’s unlikely. Ponemon Institute’s 2018 Study on Global Megatrends in Cybersecurity report found that 68% of boards of directors are not briefed on what their organisation is doing to prevent or mitigate cyber attacks.
However, a CISO (chief information security officer) could change this, engaging the board with information security matters and making sure these are discussed in meetings.
What is a CISO?
The CISO is responsible for the overall direction of all security functions within an organisation.
They play an important role in identifying any weak areas within the organisation which might make information systems vulnerable. They do this by assessing the organisation’s security measures like making sure firewalls and the anti-virus software is working properly as well as ensuring that all passwords are updated and not at risk.
A CISO will also advise the board on the effectiveness of information risk management across the organisation.
The duties of a CISO
ITGP’s Chief Information Security Officer Job Description template outlines the CISO’s duties:
• Provide and allocate funding for information security projects.
• Provide resources for information security projects.
• Own and sign off all information security policies and procedures.
• Report security incidents and breaches to the board of directors.
• Maintain awareness of the implications of legislated requirements that may impact the security of the organisation.
Download our Chief Information Security Officer Job Description template for free
To view the full job description template from the ISO27001 2013 ISMS Standalone Documentation Toolkit, click here.
The next template we’ll be looking at is the ISMS Plan.
ISO27001 2013 ISMS STANDALONE DOCUMENTATION TOOLKIT
Created by expert practitioners, the ISO27001 2013 ISMS Standalone Documentation Toolkit provides you with a comprehensive set of ISMS (information security management system) templates, saving your organisation time, effort and money.