September 05, 2008 — CIO
Job Description: An IT security manager handles all aspects of IT security, creating and implementing corporate IT security practices and ensuring that employees follow those procedures. This position consists of securing Wi-Fi networks, handling offsite storage of backup tapes, establishing policies for lost laptops and much more. "It was a tough job and it's gotten tougher," says Andy Zaleta, partner and coleader of the technology practice in the Americas for executive search firm Battalia Winston International. "It has gotten down to being a huge job."
Why You Need One: Businesses need a position dedicated to keeping sensitive and important data private. Recent publicized incidents of system hacks, stolen computers and missing CDs, all containing confidential records, demonstrate the need for this job. The vast amount of information corporate IT systems hold requires protection. "Security is just an overall important issue, period," says Zaleta.
Desired Skills: Five to seven years of IT security experience. Look for candidates with Certified Information Systems Security Professional (CISSP) qualifications. Zaleta sees businesses emphasizing college degrees less for this position. Some are content with an associate degree or military experience; others want workers with a four-year degree.
Where to Look: Try the security divisions of large technology companies (Microsoft, IBM) as well as security companies (McAfee, Symantec). Federal intelligence agencies may also prove fertile recruiting ground. The RSA Security conferences, held in the U.S., Japan and Europe, can provide a chance to network with those interested in IT security.
What To Look For: IT security managers need to be aware of internal security threats (employee access to restricted documents), external threats (wireless router hacks), and ad hoc issues (leaving a laptop on a plane). They also must know countermeasures against those risks. Possible hires should be able to express their commitment to security programs, have experience with budgets and know their IT systems in detail. They should also understand that most fraudsters look to exploit the minute weaknesses no one considers. Communication skills are crucial given the need to convey security policies to employees and the possibility of board presentations on overall security preparedness.
Elimination Round: Candidates must be able to describe their current security system and how it is being upgraded. Some may be reluctant to share this. However, the question needs to be addressed to see if the person understands security risks.
Base Salary Range: $125,000 to $150,000
Growing Your Own: An IT security training program is key to creating a successful in-house candidate, said Zaleta. This program should be coordinated with outside institutions that handle CISSP certifications. Senior management needs to commit to the training. Getting this support can prove challenging because training programs usually get chopped from the budget during spending cuts, Zaleta said. However, only with adequate training does one become fully versed in security issues.