The SINET Risk Executive Handbook

A CISO’s Guide to a Robust Employment Agreement, Employment Risks, and Technology Risk Governance

It is with great pleasure that we present to you this handbook on mitigating career risks and empowering Chief Information Security Officers (CISOs) and Technology Risk Executives to better protect themselves. As a Venture Partner at SYN Ventures and the Chairman of SINET, I am delighted to lend my voice to this important publication.

This guide stems from a presentation by Michael Johnson (CISO, Meta Financial) and Brian Fricke (CISO, City National Bank of Florida) at the SINET Risk Executive Workshop in Scottsdale, Arizona in February. I would like to recognize their efforts, in particular Brian’s stewardship of this deliverable.

Historically, the CISO position was viewed as a technical blue-collar security cost center. Today, the sage and modern CISO can articulate complex matters to their BOD, is viewed as an enabler and driver of the business enterprise-wide, understands the company’s business objectives, and at times can deliver ROI. Given the state of affairs in Cyber, the future belongs to the business-aligned Risk Executive.

Throughout this document, the umbrella term “Risk Executive” refers to CISOs, Chief Security Officers, Chief Information Officers, and other executives who manage technology risk at their organization. I fervently believe that this elevated title is deserving, as these individuals are managing more risk than most executives at any corporation, while carrying a higher level of liability due to the nature of their responsibilities.

It is important to note that this handbook is not a one-size-fits-all document tailored to the particular nuances of each job or industry, but rather an overarching patchwork of areas that one should consider when re-negotiating their current employment agreement or when being interviewed for a new position.

It is unlikely that this handbook would have gained traction 5 years ago; however, under the circumstances of Joe Sullivan’s conviction, The Wells Act notice to Tim Brown, Mudge’s need to testify on Capitol Hill, and other scenarios yet to surface, it now has a chance to gain energy. Protecting yourself as a 21st century Risk Executive requires increased awareness, beginning with a robust employment agreement and the education of BODs. In the end, no one is going to protect you but you. There is an opportunity here for a movement.

SINET is known for bringing together the highest level of executive peers at the highest level of thought leadership in a trusted format that encourages transparency, which leads to increased knowledge sharing and information gained. By fostering a deeper understanding of risk management and offering practical guidance, this handbook strengthens the protection of both individuals and their organizations. Thank you to all the members of the SINET Community as we remain steadfast in our support of the 21st century Risk Executive as they strive to protect our nation’s critical infrastructures, national security, economic interests, and our inherent right to privacy.
