
Job Description of the Chief Security Officer

Some clients of mine asked me to help them prepare a formal
job description for a CSO. Here’s what a
colleague of mine and I came up with.  It’s more detailed than this one in CSOOnline.com, the e-zine of CSO Magazine, but roughly in the same spirit.


The Chief Security Officer is the leader of the corporate/physical
security function for Nirvana, including responsibility for overall corporate
security strategy, security architecture development, and global function
oversight. The scope of this role covers all security technologies and
services in use, including protection services, perimeter defenses, physical and
logical access control, and profile management of all employees, contractors
and visitors. As the company’s senior security officer, this person also has
enterprise-level responsibility for all data/information security policies, standards,
evaluations, roles, and corporate awareness.

This person will work with user and technical groups and
Internal Audit in the development and implementation of a security strategy
designed to provide a high level of security over physical facilities and data
processing while preserving and enhancing facility and system usability. This
person must be able to develop and implement flexible security solutions, dictated
by the needs of a hybrid and rapidly evolving decentralized business
environment. The individual must be a results-oriented person who can achieve
tangible improvements in the corporate security arena. Excellent technical and
communication skills are a must, as is proven security leadership.


The Chief Security Officer will be responsible for directing
the activities of the security function. Responsibilities will include:

• Work closely with
corporate executives, business managers, audit and legal counsel to understand
corporate requirements related to security and regulatory compliance, and to
map those requirements to current security projects.

• Develop, implement,
and manage the overall enterprise process for security strategy and associated
architecture and engineering standards.

• Develop and
implement policies, standards and guidelines related to corporate security.

• Oversee the
continuous monitoring and protection of facilities, personnel and information
systems. Evaluate suspected security breaches and recommend corrective actions (including
incidents involving outside vendors).

• Serve as the
enterprise focal point for security incident response planning and execution.

• Define and
implement an ongoing Nirvana Risk Assessment program, which will define, identify,
and classify critical assets, assess threats and vulnerabilities regarding
those assets, and implement safeguard recommendations.

• Assist Internal
Audit in the development of appropriate criteria needed to assess new/existing
applications and/or technology infrastructure elements for compliance with
enterprise security standards.

• Establish and
monitor formal certification programs regarding enterprise security standards
relating to the planned acquisition and/or procurement of new applications or

• Assist in the
review of applications and/or technology environments during the development or
acquisitions process to (a) assure compliance with corporate security policies
and directions and (b) assist in the overall integration process regarding
Nirvana’s own technology environment.

• Oversee the
development of, and be the enterprise champion of, a corporate security
awareness and training program.

• Manage security
functions related to corporate information systems or data centers, working
closely with the VP of information security.

 • Evaluate changes
to the corporate environment for security impact and present findings to


The Chief Security Officer will initially report
directly to the Chief Operating Officer, the Chief Financial Officer, or Legal
Counsel and will serve on Nirvana’s Executive Planning Council.

The CSO will have direct reports including an administrative
assistant, the manager of security architecture and engineering, and various
other staff.

The CSO will have dotted-line reports including the VP of
Information Security and the VP of Internal Audit.


The candidate will have:

• A college degree (BA/BS),
or equivalent work experience.

• Excellent staff
management skills.

• Ability to
interface with top management.

 • Eight to ten (8-10)
years of management experience at least five of which were in a security-related
area in a leadership capacity.

Other desired qualities include:

• Consensus-builder,
while still results-oriented and commitment-focused.

• Network-based
security experience.

• Business-based
attitude; i.e., the recognition that no policy can be implemented without
demonstrable business benefit.

• Customer-service orientation.

• Awareness of and
strong experience in:

  – vulnerability testing in addition
to penetration testing;

  – security practices as a people problem versus a technical problem;

  – architecture, with an understanding of how to get there, including compliance
monitoring and enforceability.



More than I want to pay and less than you want to earn.

Categories: Peak Performance
  1. March 15, 2007 at 3:11 pm

    Whew! Steve – that’s comprehensive.
    ASIS International also has a great resource for “Job Description of the Chief Security Officer”. We at Quantum Secure (http://www.quantumsecure.com) have been working through various CSO dashboards and policies to automate CSOs’ tasks, key success factors, strategies, etc. listed herein.
    ASIS Chief Security Officer (CSO) Guideline
    Copyright © 2004 by ASIS International
    All rights reserved. Permission is hereby granted to individual users to download this document for their own personal use, with acknowledgment of ASIS International as the source. However, this document may not be downloaded for further copying or reproduction nor may it be sold, offered for sale, or otherwise used commercially.

  2. March 15, 2007 at 6:22 pm

    [tongue in cheek]
    Think I’ll pass on this job.
    [/tongue in cheek]
    Sounds perfect for someone like you though. It was good to see you at Secure World.

  3. March 8, 2010 at 12:16 am

    The job of a Security Officer is a highly specialized position for supervising and managing the Security Unit of an installation or premises which he heads. I found your site suits best for searching good security job descriptions. thanks.

  4. April 21, 2013 at 6:16 pm

    Wow, that was strange. I just wrote a really long comment, but after I clicked submit my comment didn’t appear. Sucks! Anyway, just wanted to say excellent blog!
    My partner and I often publish guest articles for other weblog owners to help increase exposure to our work, as well as provide good articles to blog owners. It truly is a win-win situation! If you are interested, feel free to e-mail me so we can talk further. Thank you!

  5. May 17, 2014 at 11:10 am

    I do believe all of the ideas you have offered on your post.
    They are really convincing and can certainly work.
    Nonetheless, the posts are very brief for novices.
    Could you please lengthen them a little from subsequent
    time? Thanks for the post.

  6. June 20, 2014 at 9:03 am

    The condos found at the Haliburton Heights are quite spacious.
    Mark Ryan a director of the center for disease control says that short term exposure to Barium can lead
    to anything from stomach to chest pains and long term exposure causes blood
    pressure problems and functions to weaken the immune system.

    Geo-tagging is also provided which automatically records the location at which
    a photo was taken thanks to GPS.

  7. June 25, 2014 at 8:43 am

    What’s taking place? I am new to this. I stumbled upon this and I
    have found it absolutely useful, and it has aided me out loads.
    I am hoping to give a contribution and help other customers like it’s helped me.
    Great job.
