Relationship between a CIO & CISO in an Organization

LIFARS: astute Information Risk Management leaders can discern security needs

As organizations become more security-centric, the role of the CISO (Chief Information Security Officer) has become inevitable in most of them. Because of this, a CISO's role and responsibilities in relation to the other C-level executives is also a topic of consideration, especially where the roles seem closely related, as with the CIO (Chief Information Officer) and the CISO.

Their relationship is often described as "ever evolving" but can be adversarial as well. The CISO reports to the CIO, which often creates a potential conflict of interest. Both the CIO and the CISO have the key responsibility of protecting and managing data and assets, though from different points of view.

The difference in views sometimes leads to disagreement and difficulty in the execution of business & risk policies.

CIO Role

The CIO and the CISO work closely with each other within an organization. A CIO has the role of ensuring that the company's business processes run efficiently and that new technologies are implemented to modernize services. Security tools are used more and more frequently in IT operations; as a result, the CIO may have to check that security processes are properly aligned at the various stages of the business.

CISO Role
A CISO is positioned to protect an organization's data and assets from potential information security risks. This individual has the role of managing where and how data should be stored and protected, setting the company's risk threshold and designing the business risk framework.

Apart from this, CISOs are also involved in Vendor Risk Management and Segregation of Duties (SoD) within an organization.

They are well known for rejecting various business decisions on the basis of probable business risks. Because of that, many organizations simply cut them out of the decision-making process. But given the emerging and still evolving cyber threats and breaches, such situations should be avoided.


As Information Security becomes more prominent in the corporate world, the collaborative roles of the CIO and the CISO are of utmost importance. The two go hand in hand and require mutual agreement on various risk-critical decisions to ensure better business continuity and development. They share the same goal of protecting an organization's critical assets and establishing valuable business ethics.

In the time of COVID-19, when the world has suffered a sudden setback and organizations are preparing for high-risk management, it takes extreme diligence and patience to deal with the current scenarios. The world will soon be dealing with a great many new cyber-attacks and will require proper training of the workforce in the various business risk and threat management frameworks. Such business-critical situations demand strong agreement and teamwork from the C-level executives in the company, especially the CIO, CTO and CISO, to protect and maintain better business, technology and cyber risk ethics in the organization and to act as role models for the employees in the future. Hard work, mutual respect and working as one are the need of the hour.