Cybersecurity roles perform a wide range of information and cybersecurity functions, including technical research and analysis, conducting reviews, assessments and investigations, and maintaining technical equipment and systems to support information and cyber security capabilities. However, it is less clear who leads the people in cybersecurity teams. In today’s story we focus on the difference between a Chief Cybersecurity Officer (CCO) and a Chief Information Security Officer (CISO).
In a large organization, the CCO and the CISO are both critical roles in managing the security needs of the organization. Importantly, they have distinct areas of focus and responsibilities. We looked at some of the differences in more detail.
Chief Cybersecurity Officer (CCO)
The role of the CCO focuses on cybersecurity strategy. This includes threats, risks, defence strategies and more. The CCO is the person in an organization who develops and implements policies to protect the organization from cyber threats.
Other important facets of the CCO role include a technical emphasis: the individual in the role should concentrate on advanced technologies and solutions. This can include intrusion detection, threat intelligence, and incident response tools.
In many organizations, the CCO will report to the CIO (Chief Information Officer) or the CISO.
Chief Information Security Officer (CISO)
The role of the CISO focuses on information security strategy. This includes physical security, data governance, compliance, and risk management, as well as cybersecurity. The CISO is the person in an organization who is responsible for protecting all forms of organizational information – printed, written, or spoken.
Other important facets of the CISO role include pushing the organization to adhere to industry regulations like GDPR or HIPAA. Additionally, the CISO will develop security frameworks and policies. They will also work at a broader, strategic level, focusing on business continuity and disaster recovery.
In most organizations the CISO will report directly to the CEO or the Management Board. In this case the CCO often serves as a strategic team member within the CISO’s department. On occasion the two roles can be on a similar level within an organization too.
CISO Role at State Street in London
To help find some examples of a CISO role we looked at the job market. As of the 12th of December 2024, State Street Corporation (a large asset manager with offices around the world including Krakow in Poland) is looking for a CISO in London to cover the EMEA region. The most important parts of the role description include:
- Serve as key Security contact for the EMEA region leadership team
- Collaborate with Global Cyber Security and assigned business partner teams to ensure the business aligns plans addressing security policies in their products and services
- Review and present Phishing statistics with educational sessions on improvement tactics
- Communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- Consistently display working knowledge of the following areas of technical expertise: information policy formulation, information security management, business risk management, IT risk assessment and management
- Execute the implementation of Global Cyber Security strategies and tactics aligned to key State Street risk and business needs
- Provide regular status updates to the SVP, Governance, Risk and Compliance Operations (GRC) on business dealings affecting Security
The role bridges the EMEA leadership team at State Street with global cybersecurity strategies. It integrates security into business processes, leads phishing education and communicates technical issues clearly. The person needs expertise in risk management, policy development, and executing strategies to address key risks, all whilst providing senior leadership with regular updates.
The Role of the CISO gets more attention than the CCO
There was a role for a CCO at the EU recently; however, there are no household names recruiting a CCO today. In September 2022 there was a lot of talk about a lady called Lea Kissner. At the time Lea had been the CISO of Twitter since January. Then Musk turned up… and Lea left.
Interestingly, in a later story from TechCrunch, Lea is described as the Chief Cybersecurity Officer of Twitter and not the CISO. Since then Lea has moved to LinkedIn where she fills the role of CISO once again.
There are many CCOs in place at companies across the world. One of these is Helen Negre, Chief Cybersecurity Officer at Siemens. In her role Helen “is at the forefront of IT/OT security and Product Security strategy and operations in the infrastructure and transportation sectors. Helen’s influence extends to the Siemens Cybersecurity Board, where she plays a pivotal role. She also spearheads the Cybersecurity Awareness, Education, and Culture workstream, and leads an IT/OT convergence initiative at Siemens.”
Another leading CCO is Dr Christoph Peylo of Robert Bosch GmbH.
Christoph headed up the Bosch Center for Artificial Intelligence before starting his role as CCO. Today he leads “a global team of experts for security Bosch’s infrastructure, products, and services against cyber-attacks. In addition, he leads the project “Digital Trust” in Bosch’s Digital Business to ensure trustworthiness of AI products.”
Cybersecurity is Dynamic. The Challenges Continue to Evolve
Just as the challenges facing cybersecurity teams today are changing continuously, so too must the leaders of cybersecurity in organizations continuously improve and evolve. It’s not always the external threat that constitutes the biggest threat. It’s the internal threats posed by employees not being aware of data security, or in some cases being aware of them, that can often be a bigger problem. This needs not only a knowledge of cybersecurity, but also a panache for presenting and for leadership. It’s not just an admin job. The role of a cybersecurity leader is to stand in front of the whole organization and ensure that everyone is SAFE.
Do you need help identifying the right talent for your cyber security team in Poland? Perhaps you are thinking of setting up a new cyber security hub in one of the cities in Poland. If so, get in touch with the specialists at Verita HR to find out how they can help you, whether through recruiting, outsourcing or a recruitment process outsourcing model.