Chief Security Officer (CSO)

The chief security officer (CSO) is the company executive responsible for the security of personnel, physical assets and information in both physical and digital form. The importance of this position has increased in the age of information technology (IT) as it has become easier to steal sensitive company information.

The term chief security officer was primarily used to describe the person responsible for IT security in a company. In some cases, that definition still applies. But in more recent years, the role of a CSO has expanded to include overall corporate security such as a company's personnel and physical assets along with digital and physical information. 

The person holding the title is also sometimes referred to as a chief information security officer (CISO). In some cases, the person is also known as the vice president or director of corporate security, which consolidates all forms of corporate security under a single department.  

The CSO is a member of a company's upper management team. In this role, the CSO is responsible for developing and overseeing policies and programs used in the mitigation and/or reduction of compliance, operational, strategic and financial security risk strategies relating to the personnel/staff, any assets and other property.

The role of the CSO was not in high demand about a decade ago. But the position has become very popular in recent years, and according to USA Today, is has become hard to fill. That's because CSOs are rare and hard to find.

Many CSOs come from different backgrounds — some from government, while others come from the corporate world. 

They may be hard to find, but many companies still do not have a CSO in their management teams. Other firms end up looking to fill the position when they have suffered some sort of damaging breach. 

In order to be a CSO, the person should have a solid background in computers as well as experience working in environments where he or she is exposed to different problems, whether they are related to physical security, cybersecurity, or informational issues. The candidate should know about the business they will be protecting and must be a good communicator. Because security can come with a heavy cost, the candidate will need to be able to relate plans and requirements to the rest of the management team with ease. 

The CSO is responsible for executing and overseeing, among others, the following duties:

• Day-to-day operations: Implementing and overseeing strategy to assess and mitigate risk, safeguarding the corporation and its assets, crisis management.
• Security: Developing, implementing and maintaining security processes and policies, identifying and reducing risks, limiting liability and exposure to informational, physical and financial risk.
• Compliance: Making sure the company is compliant with local, national and global regulations, especially in areas like privacy, health, and safety.
• Innovation: Conducting research and executing security management solutions to help keep the organization safe. 

Many experts say there is a small pool of talent from which companies can choose when hiring CSOs — there just aren't enough to go around. But it will become a position that will continue to be in high demand, since many companies are experiencing breaches and threats to their security.