Chief information security officer

You can:

• determine the right balance between the organisation's cyber and information security capabilities, acceptable level of risk and speed of technology progress
• decide areas that need security investment
• create a security roadmap that enables the organisation to achieve its objectives

Examples of leadership using this skill:

• explaining the mutual benefits of the security strategy to a range of stakeholders and teams to bring them onboard
• advising other leaders on how to integrate security requirements in their strategies
• ensuring security is part of all the organisation's initiatives, despite competing priorities
• gaining support for investment in security from other leaders

You can:

• develop an effective cyber and information security governance framework that is integrated with overall organisational governance
• prioritise issues affecting the organisation’s ability to meet security policies and follow standards
• lead a continuous review process to ensure governance meets changing regulations, legislation and best practices
• mitigate risks caused by unavoidable exceptions to the governance framework

Examples of leadership using this skill:

• escalating risks to the highest level in the organisation when governance issues do not have defined owners
• persuading others to use their financial resources for changes needed to comply with the framework
• helping stakeholders be aware of the risks that are caused when an exception is agreed

You can:

• maintain a clear understanding of the cyber and information security risks across the whole organisation
• develop and implement risk assessment processes
• oversee the assessment of the organisation's partners and supply chain for potential threats or vulnerabilities

Examples of leadership using this skill:

• building a culture where teams have awareness of, and take responsibility for, risks and mitigating them
• advising programme owners and people running IT services about risks in a way that enables them to act on that advice
• communicating with senior leaders in a way that enables them to make decisions about accepting or mitigating risk

You can:

• put in place continuous cyber and information security awareness and education programs, for example, training for specific groups
• use a range of methods to assess whether people’s security behaviour is improving
• compare the maturity of security awareness and culture in your organisation against others across government to determine effective improvements

Examples of leadership using this skill:

• incentivising the right behaviours across the whole organisation so that everyone knows how they contribute to security
• persuading senior leadership to represent a campaign personally
• communicating insights from previous incidents to ensure they are learned from

You can:

• ensure the organisation’s technical architecture is appropriately resilient to cyber threats and attacks and has appropriate recovery mechanisms
• oversee the use of processes, tools, platforms and other practices needed to effectively implement secure technical architecture
• ensure your supply chain is managing cyber risk based on the level of risk your organisation accepts

Examples of leadership using this skill:

• educating senior leaders on the importance of security in the development of services and products
• deciding when exceptions to security policy and processes are allowed
• getting support for investment to ensure appropriate security in the organisation’s supply chain

You can:

• implement cyber incident management processes that reflect the level of risk accepted by the organisation
• ensure the organisation is prepared for and can effectively respond to incidents
• determine the impact of critical incidents on the organisation’s technology
• lead the response to critical incidents that affect the whole organisation

Examples of leadership using this skill:

• helping the incident management team build relationships with senior leaders
• leading simulation exercises with the board so they understand their role in incident response processes and the implications of potential incidents
• assessing what to communicate to the board, ministers or the whole organisation, and when to do it

You can:

• detect and analyse early trends in technology, data or cyber security that could be important for your organisation
• advise the organisation on the implications of new technologies and uses of data, such as ethical, security or legal implications
• support teams to identify opportunities for innovation
• introduce technologies and methods that address shared problems

Examples of leadership using this skill:

• building trust and credibility with stakeholders by demonstrating the relevance of new technologies or methods to address organisational challenges
• helping people at all levels of your organisation understand the potential benefits and risks of changes
• persuading other leaders to support and invest in innovation

You can:

• guide the organisation to ensure it has the technical, security or data skills it needs
• develop organisational processes and ways of working so that digital and data roles you support can thrive
• continuously improve and optimise the organisational environment

Examples of leadership using this skill:

• prioritising capability needs that will have the most impact
• negotiating for longer-term investment in people by articulating the risks and benefits of different staffing strategies
• advocating for good practice in ways of working and supporting people to adopt this practice
• growing digital and data communities

Innovation in digital and data

Capability building for digital and data teams

Innovation in digital and data

Capability building for digital and data teams