Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
June 17, 11:30 AM - 12:30 PM U.S./ET (GMT-4)
Larry Bonfante, CIO of the U.S. Tennis Association, will discuss the skills and approaches that your rising IT leaders must learn to be effective in an executive capacity.
How to Handle Your New CEO: Managing Turnover at the Top
June 18, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)
Turbulent times have increased turnover at the top. Find out what Council CIOs have done to "break in" new CEOs—build relationships, set expectations, educate on the role of IT.
Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships
July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)
We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.
Executive Competencies Assessment Tool
Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.
Learn more about the CIO Executive Council »Apply today for a FREE subscription to CIO Magazine!
September 05, 2008 — CIO —
Job Description: An IT security manager handles all aspects of IT security, creating and implementing corporate IT security practices and ensuring that employees follow those procedures. This position consists of securing Wi-Fi networks, handling offsite storage of backup tapes, establishing policies for lost laptops and much more. "It was a tough job and it's gotten tougher," says Andy Zaleta, partner and coleader of the technology practice in the Americas for executive search firm Battalia Winston International. "It has gotten down to being a huge job."
Why You Need One: Businesses need a position dedicated to keeping sensitive and important data private. Recent publicized incidents of system hacks, stolen computers and missing CDs, all containing confidential records, demonstrate the need for this job. The vast amount of information corporate IT systems hold requires protection. "Security is just an overall important issue, period," says Zaleta.
Desired Skills: Five to seven years of IT security experience. Look for candidates with Certified Information Systems Security Professional qualifications. Zaleta sees businesses emphasizing college degrees less for this position. Some are content with an associate degree or military experience; others want workers with a four-year degree.
where to Look: Try the security divisions of large technology companies (Microsoft, IBM) as well as security companies (McAfee, Symantec). Federal intelligence agencies may also prove fertile recruiting ground. The RSA Security conferences, held in the U.S., Japan and Europe, can provide a chance to network with those interested in IT security.
What To Look For: IT security managers need to be aware of internal security threats (employee access to restricted documents), external threats (wireless router hacks), and ad hoc issues (leaving a laptop on a plane). They also must know countermeasures against those risks. Possible hires should be able to express their commitment to security programs, have experience with budgets and know their IT systems in detail. They should also understand that most fraudsters look to exploit the minute weaknesses no one considers. Communication skills are crucial given the need to convey security policies to employees and the possibility of board presentations on overall security preparedness.
Elimination Round: Candidates must be able to describe their current security system and how it is being upgraded. Some may be reluctant to share this. However, the question needs to be addressed to see if the person understands security risks.
Base Salary Range: $125,000 to $150,000
Growing Your Own: An IT security training program is key to creating a successful in-house candidate, said Zaleta. This program should be coordinated with outside institutions that handle CISSP certifications. Senior management needs to commit to the training. Getting this support can prove challenging because training programs usually get chopped from the budget during spending cuts, Zaleta said. However, only with adequate training does one become fully versed in security issues.