CISO (Chief/Corporate Information Security Officer)

Corporate Information Security Officer

If a company wants to achieve its business objectives, reliable data processing is key. In addition, companies in all kinds of sectors want or need to comply with an information security standard, like ISO 27001, or a derivative like the BIO, NEN 7510 or another standard. This entails a variety of obligations and activities. Companies need someone who is knowledgeable about those obligations, who understands companies and risks, and who steers information security. This someone is the CISO.

What is a CISO?

The CISO – Chief/Corporate Information Security Officer – is the person who drafts policies and provides the company with information security frameworks. Depending on the size of the company, the CISO’s duties range from providing direction to assisting in structuring information security issues. In addition, the CISO may have a supervisory role with respect to a company’s data processing operations. The CISO is responsible for matters like developing and implementing information security policies and assisting in or carrying out risk analyses. The CISO is also involved in handling data breaches. Many companies struggle with finding a proper candidate for this role.

What does a CISO do? 
A CISO’s duties and responsibilities are diverse and should be properly tailored to every company. These duties and responsibilities include, in any event, implementing an information security organisation, carrying out or assisting in risk analyses, declaring that certain measures are applicable and implementing them (or assisting in implementing them), and reporting on the status of information security. The CISO has knowledge of the company and risk management and works with process owners to reduce risks to an acceptable – predefined – level.

Larger companies often apply a decentralised approach with (for example) ISOs or ambassadors for different departments. Coordinating this decentralised approach is also part of the CISO’s duties, and this requires knowledge of the company and a high degree of organisational sensitivity.

Our CISO services

Cuccibu fulfils the role of CISO or ISO for many companies, including government agencies, healthcare institutions, educational and care organisations, as well as commercial organisations and start-ups. Cuccibu can do this on an interim basis, for example as a temporary replacement or as a coordinator, but also on a more permanent basis. In the latter case, we would apply our CISO as a Service, which would completely unburden your company in terms of filling the CISO or ISO position. Our consultants are experienced in pragmatically filling the CISO and ISO role while still paying attention to business objectives and added value.

As the CISO is often the role that builds the company, we can also perform a mandate on a project basis, or on an obligation-of-result basis, for example in the form of an Information Security Project Leader. This role can take the company to a certain level or set up the entire Information Security organisation. Of course, we can also deploy our experienced CISOs to coach your company’s CISO.

Not interested in a fixed position? Cuccibu can also act as a remote CISO: in that case, we would assume a yet to be determined number of hours per month during which you can send questions to a Cuccibu contact if the need arises. Additional support will be on standby.

We are Cuccibu

Interested or have any questions?

Please feel free to contact us via We would be happy to help you find the solution that best suits your company’s needs.

“We believe that you create added value through secure and responsible digitisation. This leads to opportunities for individuals, companies and society as a whole.”