Career Path: CISO to CIRO

Stephen Katz Describes Next Strategic Challenge for Security Leaders
In these times of economic uncertainty, with risk management increasingly recognized as a core competency, the role of the chief information risk officer (CIRO) emerges as a new, strategic opportunity for security leaders.

This is the point made by information security leader Stephen Katz in a new, exclusive interview.

"The transition from a CISO to a CIRO is only the state of mind as much as anything else," says Katz in his conversation with Tom Field, executive editor of Information Security Media Group (ISMG). "The transition is one of emphasis, where the CISO recognizes that protecting information is primarily a risk mitigation effort."

Moving beyond the traditional focus on technology and operations, the evolving CISO role will require centralizing risk management across the organization, with a growing need to identify risk relationships between business units.

According to Katz, here's how the transition will begin:

  • The CISO, instead of reporting to the technology arm of the organization, will report as the CIRO to the chief risk officer (CRO), who will report to the CEO and sometimes directly to the board.
  • The new CIRO will be actively involved in defining the different levels of risk and the risk appetite of the corporation, identifying which areas of risk are being impacted, and coming up with alternate solutions to manage and mitigate risk effectively.
  • This transition will help the CIRO to work extensively with other C-level business executives to identify risk relationships. New responsibilities will include providing risk-based information to guide decisions, ensuring that the corporate strategic agenda reflects the most important existing and emerging risks.

For more insights from Katz on the transition to CIRO, please listen to the recorded interview.

About the Author

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.
