In recent years, cybersecurity has become one of the major responsibilities of companies, regardless of size or sector.
Digital transformation, the rapid evolution of cyber attacks and the profit motive of cybercriminals have led to the emergence of new roles in the cybersecurity sector: complementary profiles responsible for overseeing and protecting information and communications.
CISO, CSO, CTO, DPO, ET… These are the new emerging roles, each with a specific function and a different level of responsibility, but whose collaboration is key to guaranteeing the protection and security of the company.
What are these new professional profiles? What tasks do they carry out?
IT and cybersecurity?
Every company knows and has a CEO or executive director. It is the highest position in the organization chart and is responsible for the actions carried out in the business, as well as its performance and effectiveness. He is the boss. Also well known is the CIO or head of systems, the person in charge of the IT area, who plans the technological strategies of the company.
After these two posts of great responsibility come new roles with a more specific remit, but of great importance for safeguarding business security:
CTO: A technical position, similar to that of the CIO, in charge of the development and correct functioning of the information systems. Responsible for controlling and reviewing technological equipment and implementing technological improvements to meet business objectives. Reports to the CIO.
CISO: Responsible for information security. Its main function is to ensure that information security and the objectives of the company are aligned, and to guarantee the protection of the data. It is a position created to extend the coverage of the CIO regarding the mitigation of IT risks in the company. The CISO reports to the CSO.
CSO: The executive responsible for the security of the organization. Responsible for maintaining the security of the company at a general level: establishing continuity plans, having a complete vision of the business and knowing the security risks, knowing the regulations, adapting to them and being aware of their changes…
Alongside these IT profiles, other positions collaborate indirectly:
CCO: The Communication Director is in charge of implementing measures so that the organization transmits the desired corporate image and captures attention. Creates retention and loyalty strategies to reduce public impact in case of a cyber attack.
CMO: Responsible for marketing within a company. Ensures that the products and services offered by the company preserve the confidentiality of customer and prospect data, and that the data is processed in accordance with the regulations.
Some of these positions, depending on the company and its size, are performed by the same person. Thus, for example, in an SME, the CIO can perform the functions of the CTO, or the positions of CSO and CISO can converge in the same person.
The new roles of the GDPR
In addition, the GDPR has introduced new roles in charge of compliance and of the processing of the data of citizens of the European Union:
DPO: The Data Protection Officer (DPD in Spanish). In charge of ensuring compliance with the GDPR (mandatory as of May 25, 2018) within a company. Must supervise that the technological and security solutions implemented comply with the GDPR and act as a link between the supervisory authority and the company. It is an independent position and must work hand in hand with the CIO.
RT: The data controller. A natural or legal person, public authority, service or body that decides on the purpose, content and use of the processing. Responsible for establishing and ensuring compliance with the rules regarding data processing and circulation.
ET: The data processor. A natural or legal person, public authority, service or body that, alone or jointly with others, processes personal data. Must be responsible for protecting personal data and ensuring an adequate level of security for its processing. In addition, the ET is in charge of updating and managing the record of processing activities. Reports to the data controller.
All of them share a common main objective: to secure and protect the infrastructure, communications and information of the company. Cybersecurity is their primary concern. They are in charge of implementing the necessary technological solutions to safeguard the business and comply with the General Data Protection Regulation.