The CISO oversees the development, implementation, and enforcement of information security standards and procedures, and is responsible for determining enterprise information security policy and strategy. The CISO is in charge of IT risk evaluations, audits, and security incident investigations, and ensures that all information systems function correctly and in accordance with security policy. The role requires a bachelor's degree and typically reports to top management. The CISO manages a departmental function within a broader corporate function, develops major goals to support broad functional objectives, and approves policies developed within the various sub-functions and departments. Working as a CISO typically requires 8+ years of managerial experience and comprehensive knowledge of the overall departmental function.

CISO Job Description Template

Our company is looking for a CISO to join our team.

Responsibilities:
  • Review and approve security policies, controls and cyber incident response planning;
  • Provide the required management reporting to the Programme Director and Functional Heads;
  • Define and drive the Information Security and Assurance framework aligning to the entire life cycle of the programme;
  • Define approach to Information Assurance and Accreditation;
  • Accountable for Information Security across the NSoIT(D) programme;
  • Maintain a current understanding of the IT threat landscape;
  • Provide mentoring and leadership to the Security Assurance Co-ordinators and Security Architects;
  • Develop and drive the appropriate operating model to ensure Information Security is embedded within the programme;
  • Accountable for the identification and mitigation of security risks;
  • Ensure compliance with the changing policies, laws and applicable regulations;
  • Assure the information security artefacts ensuring they align to the strategy and approach of the programme;
  • Work collaboratively with the NSoIT(D) Functional Heads;
  • Ensure Information Security approach, policies and procedures are communicated to all teams of the programme.

Requirements:
  • Member of the Institute of Information Security Professionals;
  • Certified in Risk and Information Systems Control;
  • Certified Information Systems Security Professional (CISSP);
  • Extensive understanding and experience of DAIS Security Accreditation and HMG security policies;
  • Certified Information Systems Security Professional;
  • Information Systems Security Management;
  • ISO27005 Certification in ISMS Risk Management (CISRM);
  • 10+ years as an Accreditor or a Security Assurance Co-ordinator on complex secure systems;
  • CSTA/CSTP – Certified Ethical Hacker;
  • Certified in the Governance of Enterprise IT;
  • Certified Information Security Manager;
  • Certified Information Systems Auditor;
  • CCP SIRA Senior Level;
  • Recently acted as DAIS Lead Accreditor.