Why CHROs, CIOs and CISOs should be working together
Corporate strategy increasingly depends on information and talent management, which is why it’s vital for information and HR executives to form strong leadership partnerships.
According to Gartner’s "2019 CEO Survey: CIOs Should Partner With CHROs to Bridge the Digital Talent Management Leadership Gap" (April 2019, available to Gartner subscribers): “the confluence of CEOs’ current strategy delivery needs with long-term talent headwinds means the time is right for CIOs and CHROs to pool their expertise in a leadership partnership. In this alliance, each ‘completes’ the other’s gaps, and they jointly drive the enterprise’s talent management efforts.”i
Further, “digital business is not only accelerating and deepening change, but also blurring traditional intraenterprise boundaries in ways that place intense pressure on any leader’s ability to keep pace alone. Thus, the ideal CIO-CHRO partnership needs to be mutually reinforcing, both teaching to and learning from each other.
The CHRO, of course, brings to the table a wealth of experience in traditional talent management, including acquisition, training, retention and compliance, while the CIO brings an in-depth understanding of enabling technology and digital transformation opportunities.
Neither role can address all of the CEO’s demands alone, and neither the CHRO nor the CIO has the time or resources to develop all of the skills these efforts need. But by working together via a complementary relationship that builds on each other’s strengths, they can enable strategy execution within a digital-era context that will continuously challenge talent norms.
Addressing talent management challenges
One of the biggest challenges facing chief information security officers is the shortage of skilled workers in the cybersecurity fields, according to Lila Rajabion, PhD, assistant professor and coordinator of the MS in IT Program at Empire State College, State University of New York. This makes it more difficult to recruit and retain skilled cybersecurity staff.
“There are many positions in the field and lack of enough talent,” laments Rajabion, who’s also a member of the Women in CyberSecurity trade group. “So they have lots of opportunity to move to another company that promotes them as well as improve their pay and provides training.”
The CHRO can engage the CISO to:
- Rewrite job descriptions to be more compelling and develop a recruitment strategy targeted to cyberexperts.
- Integrate more AI and machine learning into the hiring process to identify top candidates faster.
- Promote corporate culture and employee recognition more effectively. “Creating a positive atmosphere can help with recruiting and retentions,” she notes.
Tackling technology and data protection challenges
"The Changing Face of HR," a recent report by Sage, found that 57% of HR leaders encounter resourcing restrictions when investing in new technology. It’s no surprise then that 43% of CHROs think their organizations won’t be able to keep up with changes in technology over the next decade, including advances in cybersecurity and privacy. Additionally, only 25% identify as tech-savvy.
These data highlight the opportunity for CISO and CIOs to work with CHROs:
- Provide data and rationale to support the CHRO with budget requests for technology purchases and free up more resources for upgrading and securing HR technology, including AI and data management.
- Ensure employee data is secure by working together to update security policies, plan for disaster recovery and investigate potential email policy violations by employees. “CISOs can review the company's security procedures, and look at the personal information [risk] and monitor the encryption policies for stored and transmitted data,” Rajabion explains.
“One of the main responsibilities of CISOs is to make the employee more aware of security issues such as malware and phishing and help them to adopt best practices,” Rajabion notes. “CISOs need to work with CHROs to design ... and implement the information technology and security education of the workforce.”
- Revise information security policies are to make sure they’re clear and enforced.
- Share the latest cybercrime tactics with employees to improve their awareness through emails and trainings.
- Plan scheduled and surprise drills to help employees stay sharp.
Collaborating for career and organizational success
Working together, the CISO and the CHRO can raise their individual profiles and influence within the organization and ensure the cyber-readiness with sufficient staff, technology investment and training.
“The CISO brings the systems expertise to the company,” Rajabion notes. “The CHRO can point to behavioral issues or what the risk will be from a people perspective, both of which can be very beneficial for the company.”