
The Role of the CISO in Digital Transformation

A successful CISO should play a leading role in digital transformation and cloud migration initiatives in their organization. The CISO is responsible for making sure technical security controls are designed and implemented appropriately, and changes are properly managed, with security in mind from the very start.


Modern-day demands require organizations to be flexible and digitally savvy, getting work done remotely and in the public cloud as often as in a centralized physical location, if not more so. As companies continue to modernize their workflows and migrate their data to the cloud, the role of the chief information security officer (CISO) takes on even more significance. 

While a CISO typically isn't the driver of new digital transformation initiatives, they are responsible for ensuring these initiatives are executed securely. The CISO must balance a push for innovation and modernization with solid security principles, integrating security best practices into new systems and workflows from the start, and frequently collaborating in a multidisciplinary governance approach to digital transformation with other leaders and stakeholders across the organization. A strong CISO is an effective communicator, an influencer, and a security leader all in one.

Organizations wanting to take advantage of digital transformation without compromising security, privacy, resilience, and trust need to make sure the CISO is engaged and heard early in the process. The chief technology officer (CTO) and the chief information officer (CIO) have their own important roles to play, so the CISO must partner with these leaders, and others, to instill the security-oriented perspective throughout the planning and implementation process. 

A successful CISO can take a foundational approach to change, making sure that the company is considering relevant aspects such as security and privacy control requirements before, during, and after significant technological shifts, which often requires breaking through organizational silos to encourage change in the right way. 

Securing a Digital Transformation 

Securing a cloud migration requires a company to ask the right questions throughout the process. Because of their security expertise, CISOs can take a leading role in promoting and actively advocating for cloud security by default, by design, and in deployment. While a CTO will take the lead in implementing new technological initiatives, and a CIO is often at the intersection where technology strategy and broader business considerations converge, the CISO should partner with these stakeholders to make sure security is considered at the initial stages of the process. The CISO should also work closely with the chief risk and compliance officers so that compliance and risk management concerns are considered during the architectural design and development phases as well.

Outside of the C-suite, the CISO likewise has an important role to play in raising security awareness throughout the organization, so that it's a part of corporate culture and informs decision-making at all levels. This is especially important when facing the significant technological changes involved in digital transformation. One way of raising security awareness at scale is to invest in a structured training program to level-set on security considerations and requirements post-digital transformation. 

In addition, following a digital transformation initiative or cloud migration, there are often new attack surfaces and vectors that must be secured. Making sure that all personnel understand the fundamentals of security — and what's different post-transformation — is one of the ways a good CISO will transcend silos to ensure security best practices are implemented and continuously observed.

Beyond employee vigilance, a CISO will lead the way in implementing continuous security controls monitoring and developing an incident response plan for the cloud, the success of which will also hinge on effective stakeholder collaboration across multiple teams and disciplines. 

Strengthen the Chain — Relationships Make the Difference

Digital transformation isn't solely technical. It involves the entire organization, is driven by business needs and customer expectations, and can impact the way that work gets done from top to bottom. In the absence of a strong CISO making their voice heard, it's all too easy for decisions to be made that may not fully consider critical security implications.  

A strong CISO is an effective collaborator, working as an equal partner with key stakeholders such as the CIO, CTO, and CEO. A CISO needs to connect the dots between security and business success, using a combination of technical expertise and organizational influence to ensure security controls are properly incorporated, even during times of rapid organizational change. The difference between a capable CISO and an exceptional one often comes down to the ability to see both the big picture of business strategy and the fine details of technical security at the same time.

Business units seeking new technological solutions may not have the necessary visibility beyond their individual spans of control to consider factors like data security and the flow of sensitive information between multiple different cloud-based tools. But the CISO, occupying a transversal role within the organization, is well-positioned to anticipate these issues and to guide digital transformation strategy along a secure implementation path that both their customers and internal stakeholders expect. It's crucial for a CISO to influence the controls that need to be implemented, setting the tone throughout the organization and cultivating a robust security culture. 

Read more Partner Perspectives from Google Cloud


About the Author(s)

Marina Kaganovich

AMERS Financial Services Executive Trust Lead, Google Cloud Office of the CISO

Marina supports Google Cloud’s financial services customers in the Americas on Trust topics throughout their cloud journey, focusing on regulatory compliance, risk management, governance and oversight, cybersecurity and privacy.

Prior to joining Google, Marina held Legal and Compliance roles on Wall Street, overseeing the broker dealer compliance program at Thomson Reuters (now Refinitiv), leading US Compliance for the Technology, Human Capital Management and Corporate Services divisions at Goldman Sachs, and most recently, running the Digital Compliance team at BNP Paribas where she specialized in advising on emerging technologies including AI/ML and digital assets, and oversaw programs related to cybersecurity, data privacy, and cloud digital transformation initiatives.

David Homovich

Office of the CISO, Financial Services, Google Cloud

David is in the Office of the CISO at Google Cloud where he shapes cloud security and risk management practices for the Financial Services Sector. He has over 15 years of experience implementing security policies and strategies, protecting information assets, preparing and testing incident response plans, and developing security protocols.

David helps customers reduce operational risk by ensuring organizations have the people, technologies, and processes in place to enable business operations while preventing, detecting, and responding to threats. He also specializes in advising on compliance to laws, regulations, and standards that govern information security, including ISO, NIST, and FISMA frameworks.

Before Google, David worked in both the U.S. government at DoD and DHS and the financial services sector at JP Morgan Chase and Credit Suisse.
