What Chief Information Security Officer qualifications are vital?

Demand is high for skilled Chief Information Security Officers (CISOs) in Singapore, and a recent industry report identified a number of key issues facing CISOs. These include the need for all employees to understand and embrace cyber security protocols, and an increasing incidence of ransomware attacks.

In its role as a global hub, Singapore can be in the crosshairs of cyber criminals. In 2021, Singapore experienced a 145% year-on-year increase in cyberattacks according to statistics from Check Point Research. While the healthcare industry was most impacted, with an average of 1998 cyberattacks per organisation, the manufacturing and transport sectors also experienced significant increases in cyberattacks.

In addition, early 2022 saw the Singapore Computer Emergency Response Team (SingCert) warn of a global resurgence in hacktivism arising from the Russia-Ukraine conflict. SingCert said it is a timely reminder for organisations to manage relevant risks related to cyberattacks, adding that organisations should “remain vigilant, and take all necessary actions to review their security preparedness and strengthen their cyber security posture”.

These issues, coupled with a number of high profile cyberattacks, have raised awareness of the important role CISOs play within an organisation. As the complexity and scale of cyber-risk evolves, so does demand for Singaporean CISOs. As Singapore’s Senior Minister and Coordinating Minister for National Security, Teo Chee Hean noted earlier in 2022, “The more we digitalise, the greater the surface area that is exposed to threats in cyberspace.”

So, who can fill this in-demand role, and what Chief Information Security Officer qualifications are vital? Here’s what you need to know.

What are the responsibilities of a CISO?

Within a company’s IT department, the Chief Information Officer (CIO) has traditionally captained the team, and held responsibility for developing the organisation’s overarching digital strategy. The CISO on the other hand, plays more of a specialist role, with a particular focus on protecting information and data security.

Key functions of the CISO in Singapore

The CISO role demands extensive understanding of information security and/or IT risk management, coupled with an ability to address the security, performance, and reliability of a company’s IT networks.

In Singapore’s business environment, where cyber security risks remain high, a CISO is responsible for:

• Reviewing, initiating and monitoring appropriate cyber security strategies in line with regulatory standards especially around data protection
• Developing security solutions including intrusion detection, firewalls, data, and encryption
• Developing and implementing policies, standards and procedures to maintain a high level of security
• Advising management on the appropriate cyber security solutions and technologies to be deployed
• Preparing and updating plans for business continuity and disaster recovery in the event the company is the subject of a cyberattack
• Staying abreast of evolving security threats, identifying potential weaknesses in company systems, and reviewing and implementing change management processes
• Building a company-wide culture of security risk assessment and compliance

The CISO may also be tasked with implementing measures that may go beyond a company’s immediate team – and expand to company clients, customers or suppliers.

The CISO role is both exciting and highly responsible, and it tends to be well remunerated.

To find out more, explore our Salary Guide: 2022 Singapore Salary Guide | Robert Half®.

What CISO qualifications are vital?

The CISO role is a senior management or executive position and requires a blend of technical expertise and leadership experience.

Education: A tertiary degree in Computer Science, Information Systems, Engineering or related IT discipline is preferable but not required.

Professional certifications: Tailored and practical certifications including CISSP (Certified Information Security Systems Professional) and CISM (Certified Information Security Manager) demonstrate a practical understanding of the IT field.

Technical expertise:

• In-depth knowledge of IT systems and architecture
• In-depth knowledge of data administration
• Good knowledge of cyber-security and ongoing threats

Leadership expertise:

• Management and leadership experience
• Understanding budgeting, recruiting, and business operations
• Business and commercial acumen

Related: Explore CISO roles available through Robert Half.

What soft skills should a CISO possess?

• Problem solving skills: In order to stay ahead of an ever-evolving cyber security landscape, a CISO needs to have an analytical mindset and ability to interpret and guide responses to both long-term and immediate pressures.
• Leadership skills: As a the most senior position within the IT team, the role calls for excellent management and teamwork skills.
• Communication skills: Strong presentation skills can be essential as the CISO may be called on to speak at company or industry functions, or to present to the company Board. The ability to clearly and effectively convey highly technical issues to non-technical personnel is especially desirable.

If you are an IT professional ready to take the next step as a CISO, it is worth speaking to the experienced recruitment experts at Robert Half. Or, if you’re ready to begin the job search, here’s how to find the right job for you.