Information Security Management Expert (Incl. Exam S-ISME) - Virtual

The CISO job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies driving revenue and further growth. In paradox, the huge paste of digital transformation and scale and complexity of threats has driven Security Leaders to become more business savvy now that security is entering the boardroom level. The growth path towards becoming a Cybersecurity Leader that acts as a partner for business has changed, adding the roles of Leader, Strategist and Change Manager to the existing Expert role. The CISO 2.0 Program was designed based on this evolution: Participants will move from managing towards leading security into the organization, from technical- and risk based- to business aligned security, from adapting to influencing stakeholders and building strong allies, and dive deep into the management side of security, how business works and why and how security is important for it. Developed by a group of renowned security leaders and reviewed by an industry veteran that advises Board Members, the program offers a unique blend of the practical-, leadership-, management- and business skills required from the CISO 2.0.

This course is taught entirely in English.

CISO Certification course – Information Security Management Expert 

• 5 days
• Align security with business. The different ways security can be structured in an organization, the impact on the CISO role, mandate and stakeholder influencing strategies.
• Identify major flaws in security organization design. Understand the crucial role of Security Operating Models as the bridge between strategy and execution. Practice alignment with value driven strategies and operating models from business and IT.
• Govern, align and lead cyber security into an organization. Create strong allies with compliance and assurance to have everything in line with regulatory and legal requirements.
• Position the CISO as a trusted strategic advisor. Build a strong information security team and organisation with appropriate funding and executive support.
• Lead cyber security vs being lead (as mostly done today). Communication ways, reverse psychology vs direct communication. Create a compelling story instead of denying projects because of security concerns.
• Create an inventory of your business and IT strategy. Describe key elements of existing IT-governance processes.
• Practice effective Risk Management, countervailing powers in an organization, successful implementation of risk management and responsibilities in a 3 lines of defence model. Challenge the 3 lines of defense model with Dynamic Risk Governance Principles.
• Practice the impact of agile way of working on the security organization and controls.
• Practice cybersecurity strategy development as a change management process to develop an implementable information security plan with realistic targets and goals. Define resource planning and budgets. Create a business case.
• Manage information security in operations, programs, projects, supply chains,  geographical locations, business units and in an agile organization.
• Practice C-Level involvement. Report to the board and external stakeholders.  Obtain a seat in the board, at least once or twice a year. Define relational mechanism’s, how to discuss with board members / CEO in an unformal manner.
• Evaluate the cyber function in the context of Risk Appetite, the role of digital transformation and Maturity levels in different types of organizations. Evaluate typical CISO Leadership competences and opportunities to grow. Identify your leadership style and create your personal development plan.
• Define a problem to solve for your organization. Walk away from the course with a strategic plan and a personal development plan.

What’s included

• Official SECO-Institute course materials and reference literature
• 5 days of training from 9am-5pm CET, spread over a period of 4 months
• 2-hour introduction & workshop ‘create your problem statement’
• 1:1 support on your research paper and business case during and after the program
• Guidance and support from an exceptional group of cyber leaders
• Working in small classes with highly motivated peers
• A validated business alignment strategy/business case
• A personal leadership development plan with opportunities to grow
• Alumni Membership with access to SECO’s international CISO Certified Network

Who is this course for?

Typical participants include but are not limited to CISO’s, Information Security Officers, (Cyber-) Security Managers, Security Consultants, Security Operations Managers, Information Technology Risk Managers, Information Technology Governance Managers and Risk Advisories that integrate this course in their high potential talent programs. The program also attracts CIO’s, IT Managers and Cyber Risk Owners from business, adding additional value to group dynamics. At the end of the day, security needs to know more about business….and business more about Security!

Minimum Requirements:

Participants are expected to have 2 years of experience at the tactical level with a solid understanding of Governance, Risk and be familiar with Maturity Models and Frameworks. Previous trainings could include CISSP, CISM, C|CISO, Information Security Practitioner or similar. Equally important, the setup of the program requires a general level of seniority, an open personality and mindset, and the willingness to continuously challenge and improve yourself. The success of the program and your training heavily relies on group dynamics and enabling you to connect, work with and learn from your peers. When in doubt if this is the right program for you, please connect with us.

Syllabus

• Day 0 – Introduction with all students and trainers
• Module 0 - Online Live introduction with all trainers (2 hours)
• Day 1 – CISO & The Security Organization
• Module 1 - The CISO and the Security Organization
• Day 2 – Leadership
• Module 2 – CISO Leadership
• Day 3 – Govern, align and organize security
• Module 3 - Govern, align and organize security
• Day 4 – Information security and risk management strategy
• Module 4 - Develop your Information security and risk management strategy
• Day 5 – Managing Information Security, Evaluation and Reporting to the Board
• Module 5 - Managing Security in Operations
• Module 6 - Security Finance
• Module 7 - Reporting to the Board
• Module 8 - End of training, prepare for your assignment and exam
• Collect your badge of honor
• Exam
• Join our Alumni Network