CISOs: Do You Have the Five Critical Skills of a DRO?
Blog Article Published: 08/11/2016
By Mark Wojtasiak, Director of Product Marketing, Code42

CISOs exploring career advancement opportunities have a new consideration, according to Gartner VP and Distinguished Analyst Paul Proctor. At a Gartner Security & Risk Management Summit presentation in June, Proctor talked about the evolution of a new enterprise role, which is a logical next step for some CISOs: Digital Risk Officer (DRO). While few organizations have formally created the role, Gartner predicts that by 2020, 30 percent of large enterprises will have a DRO in place.

Why? Because the increasing integration of digital technologies into business operations and products—the Internet of Things (IoT)—requires someone who can assess technology risk throughout the digital enterprise and provide executives with decisions that impact business processes. An example is assessing the physical system that gathers personally identifiable information from wearable technology. The DRO would look at how the data is used in marketing and sales operations, identify privacy issues, and look at the legality of monetizing the data as a source of revenue.

Proctor reports that while CISOs may not have the title, many have gradually taken on some of the tasks associated with a DRO, such as:
- Reviewing contract clauses for technology risk and security requirements
- Developing policies to address the growing use of technology not controlled by IT
- Addressing the privacy and security of data gathered by IoT devices
- Providing security expertise to Mode 2 projects
- Dotted-line reporting to operational risk groups
- Fully comprehend how the business is run, recognize desired strategic outcomes and speak the language of executives in order to fully articulate digital risk factors in operational and financial terms.
- Understand IT, IoT and operational technology (OT), and the overlap of technology and the physical world.
- Have the ability to work in a bimodal organization, supporting Mode 2 projects.
- Understand global privacy and e-commerce regulations.
- Have a people-centric style to work across the organization in collaboration with businesses, legal, compliance, operations, and digital marketing and sales.