October 6, 2023

Wanted: Information Security Officer - WST

Looking for a new Information Security Officer? What skill sets should be considered?

As information security professionals, we are often asked by our clients about the basic skill sets to look for when hiring a new Information Security Officer (ISO). The obvious answer is to seek a candidate with strong technical skills; however, equally important yet often overlooked are “soft” skills and operational knowledge. Practical experience with systems and applications, combined with strong interpersonal/communication skills, enables the ISO to work effectively with staff at all levels across the organization. Additionally, the ISO must be the subject matter expert and independent “voice” for information security. Therefore, it’s imperative that the candidate has the skill to articulate information security concerns amid conflicting technology and/or business objectives. Furthermore, an individual with proven leadership skills and the ability to influence decision makers can help foster a “culture of security” across the organization.

Below is more detail regarding the skills mentioned above, as well as a couple of behavioral traits to look for when evaluating your next candidate.

  • Interpersonal/Communication – The ability to work as a member of a team. The ability to clearly articulate technical concepts, security risks and controls to a “non-technical” audience (e.g., business units, senior management, board members, etc.). The ability to deliver feedback in a firm yet non-threatening manner.
  • Leadership and Influence – The ability to “champion” security initiatives and influence decision makers at all levels across the organization. The willingness to lead by example and maintain convictions in the face of adversity. The ability to educate others and drive a strong information security culture.
  • Continuous learning – The desire to seek knowledge and stay abreast of emerging trends across a wide range of topics related to information security, industry/business and regulatory environments. The ability to listen to and learn from other subject matter experts.
  • Internal motivation – The willingness to independently pursue and identify security risk mitigation strategies. The ability to prioritize and manage demanding workloads in a dynamic environment. The ability to operate independently, often without direct supervision.
  • Ownership – The willingness to take charge and accept responsibility for information security across the organization (when successful and when not).

In summary, a well-rounded individual with solid technical skills complemented by highly developed soft skills could be considered the ideal ISO candidate.

Resources:

  • Need an Information Security Officer Job Description? Let us know, we have a free template for you.
  • Need Information Security Officer training? Check out our Certified Banking ISO Program at https://10dacademy.com
  • Want to outsource the ISO role? Check out https://appliedcs.com/index.php for Virtual ISO Services.


Authored by: Stan P. Skwarlo, CISA, CISSP
