As CIOs establish IT security controls in their own departments, they need to solidify their relationships with other parts of the business. Because of IT’s increasing involvement in what were formerly HR and legal department matters, “the CIO has a lot to contribute,” says Richard Hunter, a vice president and expert on security and privacy with Gartner.
For example, although the CIO will decide which monitoring and filtering technologies to buy, what those technologies will block and search for and what the impact on employees and processes will be are business decisions that should be made collaboratively. “It’s no different than a travel or hiring policy,” Hunter says.
To ensure that he’s able to manage Credit Suisse’s IT-centric risks, CIO Tom Sanzone created an IT risk department that has forged ties with HR, legal, compliance and internal audit. The head of this department, who reports directly to Sanzone, helps determine compliance policies with the other groups and ensures that Credit Suisse is complying with governmental and financial regulations. In addition, HR is responsible for duties such as shutting down system access and retrieving PCs and BlackBerrys when an employee leaves the company. Sanzone says that having risk report directly to him elevates the department’s status within the company and emphasizes to his peers the importance of its mission.