CISO job search: What to look (and look out) for

Sometimes a CISO isn't really a CISO, or the role does not have the authority or resources it needs. Here's how those seeking CISO roles can avoid the wrong employer.

The first thing a CISO should remember when considering a new position is that C-level security professionals are a valuable commodity. That means take your time and be picky so you don’t land the wrong job. Or, as the world’s first CISO Steve Katz says, “Don’t go shopping when you’re hungry.”

That’s because CISO jobs are abundant but not equal. A quick search on LinkedIn, for example, turns up more than 1,000 open CISO-related positions, most of which appear to be at the executive level. Indeed.com, on the other hand, claims more than 4,000 positions on a search, but many of those titles are not C-level roles, and some aren’t even managers.

This is a key distinction CISOs should understand when considering a new job, according to experts. Is it a true C-level role with buy-in from the board and a direct or indirect line to the CEO? Or is it an overblown title for a lesser role? It might be a trophy job where the company just needs the body to meet regulatory requirements.

Does the role lack C-level status?

“One of the first things I ask is, ‘Who does the CISO report to?’ because understanding where the CISO position sits in the organization tells me how invested the hiring company is in security,” says George Viegas, CISO at Chapman University, a top-ranked private university in Orange, California. “If the CISO reports to the CEO, that is huge and indicates that the job is actually C-level with support from the top. If the CISO role reports to finance or risk or compliance, it tells me I’d be some level removed from top leadership.”
