With changes in the current regulatory environment, such as the implementation of the GDPR, the NYDFS Cybersecurity Regulation and China’s Cybersecurity Law, the roles of the CPO and CISO are becoming more important and more collaborative. In this three-part series, we speak to current and former privacy and security leaders at Restoration Hardware, Citi, West Marine and AvePoint about these positions and their integral, and sometimes overlapping, roles in protecting an organization. This first installment in the series covers the skills necessary for each function, how those requirements have changed, how to combat ongoing challenges and whether companies should continue to keep these functions separate or perhaps consider a convergence of the roles. Part two
will discuss effective governance, including reporting structure, scope of authority and the relationship with the board. The final part
will cover how these two teams should collaborate for effective incident preparation and response and on assessing and contracting with third parties. See also “How to Effectively Find, Compensate and Structure Cybersecurity Leadership (Part One of Two)
” (Dec. 14, 2016); Part Two
(Jan. 11, 2017).