Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
The Deputy CISO or DCISO role has become more common among security teams at larger enterprises.
This piece details the emerging DCISO role and provides guidance for security leaders who are considering adding this position to their team.
The DCISO typically reports to the CISO or CIO. Depending on the size of the security function and complex needs of the business, an enterprise may have several DCISOs heading up individual departments
that ultimately fall under the security umbrella.
For example, an enterprise might choose to have a DCISO leading compliance which helps reduce the risk of non-compliance fines and penalties. Dedicated leadership keeps the focus on data privacy and breach notification laws without drawing resources away
from other security initiatives.
READ: Understand Variations of the CISO Role
A DCISO can play a variety of roles within an organization including overseeing SecOps or A&E which keeps the focus on continuous security improvements. Key benefits of hiring a Deputy CISO include:
A DCISO org structure helps to streamline security operations for large enterprises with complex business unit infrastructures. DISCOs can manage day-to-day security operations when security resources get stretched thin. By placing high-performing security
talent in leadership positions as needed, the CISO’s functions are not compromised. This allows the CISO to focus on strategic long-term objectives and provide leadership oversight continuity.
READ: How to Structure the Information Security Function
DCISOs act as a liaison between the CISO and other departments to efficiently communicate current security status ensuring that all stakeholders remain informed of cybersecurity developments. They can identify and assess business unit risks and develop
strategies to mitigate those risks. Communication becomes much easier when the organization knows who is responsible for every piece of the security picture.
By defining the value of security investment through reporting dashboards and KPIs, a DCISO helps ‘keep eyes’ on the big picture. This can speed security improvements on
an enterprise scale fostering a more successful security program throughout the organization.
As a backup to the CISO, DISCOs enable efficient succession management of the security program to minimize risk and hedge against the impact of a departing security leader.
In addition, should the CISO be unavailable for any reason, DCISOs can continue to drive critical security initiatives forward.
Given its recency, a certain amount of ambiguity still exists around the DCISO role. As a result, HR and other recruiting arms of the business can find it challenging to bring on the right talent. Consider the following tips to help recruit and retain
As a niche-focused role, the DCISO excels when given the right balance of responsibility and decision-making authority. Organizations should carefully define the role in the context of the business’ real-world security needs.
Maximizing the value of the DCISO role requires carefully analyzing your security organization posture and threat landscape. When a particular category of information security tasking routinely requires significant time, energy, and resources, it becomes
a good candidate for specialized DCISO leadership.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
December 7, 2023
By IANS Research
Learn how to create an actionable CISO dashboard with meaningful security metrics using the three C’s principle that supports informed decision-making.
December 5, 2023
By Bryson Bort
As the year draws to a close, IANS Faculty provide their 2024 Cyber Predictions. Watch our video with Bryson Bort for tips on planning your 2024 IT/OT security strategy.
November 30, 2023
CISOs, find guidance on what to focus on within the first 30 days, 6 months and first year of your tenure to ensure a fast, successful start.