Chief Information Security Officer, Information Security Officer, Information Security Manager, Security Officer, there are many terms used for (mostly) the same roles or functions. But what is the difference and what are the similarities? And perhaps even more important: What can you expect?
Depending on the size of an organisation, different roles or functions can be present for the tasks in information security. As outlined above, these roles can have various titles, but they more or less boil down to the following:
The Chief Information Security Officer (CISO) is at the highest management level of the organisation and develops the overall security strategy for the entire organisation.
The Information Security Officer (ISO) develops the information security policy for a business unit based on the organisation's policy and ensures that this policy is complied with.
The Information Security Manager (ISM) develops the information security policy within the IT organization and ensures that this policy is complied with.
Does your organization not consist of several business units and/or does it not have a (large) IT organization? Then one single role, often referred to as the "Information Security Officer", will suffice. This ISO then develops the organization's information security policy (and thus also the general security strategy for the entire organization) as well as the information security policy for IT. In addition, the ISO makes sure that the policy is complied with.
The ISO is therefore the linchpin when it comes to the security of information within your organization. He is responsible for implementing and supervising the information security policy. The ISO has a central role in managing all the processes involved. If you are, or want to be, certified against ISO 27001 or NEN 7510, then the Information Security Officer must comply with the measures from that standard when controlling the processes.
A nice story, but what do you get from me when you hire me as an ISO?
Together with you, I determine your needs and we draw up a plan. Do you not have a management system yet but would like to set one up, possibly followed by certification? Then I will draw up a plan for establishing your management system. I will support your own ISO in carrying out the work.
Do you not yet have an ISO? Then I can temporarily perform the tasks for you. I can also help you find and train an ISO.
Do you already have a certificate, but lack the capacity within your organisation to maintain it periodically? Then I can support you in these activities. We can even see whether we can set up an automated management system.
However, it is important to remember that the final responsibility for the implementation never lies with Olthof Support (or any other CISO, ISO, ISM, SO, PO or DPO), but always with line management.
If you want to know more about hiring me for the above role, please contact me.