The responsibilities of information security are rapidly changing as enterprises digitize. Technology now enables business strategy and is transforming product, channels, and operations. In this new context, information security is expected to take a strategic role by helping business leaders understand the security implications of their digital strategies; support a quicker pace of technology exploitation and experimentation; and govern a larger, more varied project portfolio.\nDigitization has spurred three company-wide shifts, creating the need for three associated new information security roles.\nShift 1: Strategy over governance\nInformation security increasingly plays a larger role in advising business partners on strategy. A key driver is the growing difficulty of executing digital strategies securely. Technology enablement of product, channel, and operations introduces new potential vulnerabilities that can only be spotted by information security\u2019s keen eye. More business leaders are recognizing security\u2019s centrality; in fact, CEB data shows that 81 percent of boards of director review information security matters in most or every meeting (disclosure: I work for CEB).\nNew role: Strategic consultant\nThese developments require information security to seek out professionals with skills like communication and business acumen, and to develop employee knowledge that spans beyond risk management. To address this need, the role of strategic consultant is becoming more popular. A strategic consultant provides guidance on the entire ecosystem of information, systems, security, threats, and business trends to business and IT leaders. At some companies, strategic consultants may also advise on R&D initiatives and evaluate new security ventures and products.\nALSO ON NETWORK WORLD: 8 ways to jumpstart your career\nSuccessful strategic consultants have a deep understanding of the company\u2019s business model and industry knowledge along with typical consulting skills such as problem analysis and communications.\nShift 2: Customer-centricity\nSecurity concerns are starting to shape customer preferences as outcomes from cybersecurity attacks become more destructive. Product features like network connectivity have enabled scenarios such as the remote car hacking, a home security system takeover, and pacemaker manipulation. This means information security must ensure that security controls meet customer risk appetite, usability needs and regulatory requirements, while reducing the risk of costly breaches.\nNew role: Product security specialist\/manager\nTo ensure the connection between security and customer preferences, more teams are using product security specialists\/managers. Those in this role support product teams in the R&D phase by designing security capabilities in customer-facing products and services. This role is most common in the consumer-product sector, but in other industries individuals in this role might be responsible for designing capabilities for internal users or maintaining security for operational technology.\nSuccessful individuals in this role often have a background in market research, project management and development, or finance, but also have traditional security skills such as risk management and advanced threat monitoring and detection.\nShift 3: Continuous solutions delivery\nTo take advantage of new technologies faster, organizations are scaling continuous solutions delivery and delivering minimally viable products. Advances in APIs, microservices, containers, and other technologies provide corporate application development teams new tools and capabilities to scale and speed development. Rather than creating applications from scratch, these technologies allow developers to construct applications using building blocks that provide critical functionality.\nNew role: Dedicated application developers\nInformation security can support the goal of moving faster by automating security governance. A dedicated applications developer makes good security the fastest and easiest option for project teams by automating adherence to security policies and guidelines using patterns loaded directly into environment builds. This is done by means of building secure code, APIs, and security features into the container.\nALSO ON NETWORK WORLD: How to lure tech talent with employee benefits, perks\nIndividuals in this role often have a blend of security and core application developer skills, as well as experience developing APIs and microservices. Collaborating with groups like infrastructure, EA, and applications to design and test build environments calls for individuals who are effective at working in teams. The dedicated applications developer role can be a good stretch opportunity for application developers looking to add new skills and responsibilities.\nInformation security functions are starting to see their portfolio grow larger and more varied. To ensure that companies are able to find the talent they need, it\u2019s critical to understand the changes in the business and threat environments that are happening due to digitization and the associated impact they are having on security.\nDaria Kirilenko, IT research consultant at CEB, also contributed to this article.