Sheffield Haworth: Why Hiring the Right CISO is Hard and What You Can Do about It

Cybersecurity has moved to the front burner for CEOs and boards of financial services firms. With cybersecurity at the forefront, it is no surprise that the demand for Chief Information Security Officers far outstrips the supply. Beyond the challenge posed by short supply lurks an even bigger hiring challenge: Choosing the right person for the job.

Sheffield Haworth recommends taking these steps when hiring a CISO:

  1. Make cybersecurity a board-level concern. The CISO is a critical resource for the board, helping it understand cyber risks in general and in the context of business actions. Candidates for the role should therefore have business acumen as well as security experience.
  2. Determine where you currently stand. If security is weak, consider CISO candidates with experience turning around similarly weak organizations. If your security is strong, seek a candidate who can keep you on the cutting edge.
  3. Assess your security culture. If your company has a lax culture surrounding security, your CISO will need change management and influencing skills to fix it.

Talent will continue to be scarce and security threats will continue to multiply. Firms that know precisely what they need will waste less time on unsuitable candidates.
