An exploration into the requirements and responsibilities of CISO roles: Balancing art with science

Moufida Sadok; Iain Reid

An exploration into the requirements and responsibilities of CISO roles: Balancing art with science

Moufida Sadok, Iain Reid

School of Criminology and Criminal Justice

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Downloads (Pure)

Abstract

This paper presents the results of an investigation into 50 Chief Information Security Officer (CISO) job openings listed by various organisations in the UK from 2022 to 2025, aiming to identify the essential and desirable skills required by employers. The findings indicate a growing demand for both soft skills and
established security certifications, such as the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). Furthermore, the requirements and responsibilities emphasise the key role of the CISO in aligning security with business needs, which necessitates a good
understanding of business processes that support the delivery of value, as well as work practices to enhance security engagement in the workplace. This study has the potential to inform future educational and training programmes in security to close the skills gap.

Original language	English
Title of host publication	Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025)
Editors	Marija Topuzovska Latkovikj, Peter Bednar, Mikko Rajanen, Joakim Kävrestad, Helena Vallo Hult, Amany Elbanna
Publisher	CEUR Workshop Proceedings
Number of pages	6
Volume	4134
Publication status	Published - 20 Dec 2025
Event	11th International Workshop on Socio-Technical Perspectives in Information Systems: STPIS 2025 - North Macedonia, Skopje, Macedonia, The Former Yugoslav Republic of Duration: 17 Sept 2025 → 18 Sept 2025 Conference number: 11 https://stpis.org/

Publication series

Name	Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems
Publisher	CEUR Workshop Proceedings
ISSN (Electronic)	1613-0073

Conference

Conference	11th International Workshop on Socio-Technical Perspectives in Information Systems
Abbreviated title	STPIS 2025
Country/Territory	Macedonia, The Former Yugoslav Republic of
City	Skopje
Period	17/09/25 → 18/09/25
Internet address	https://stpis.org/

Keywords

CISO
Soft skills
Hard skills
Information security
Sociotechnical approach
Job description

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

An exploration into the requirements and responsibilities of CISO rolesFinal published version, 1.69 MBLicence: CC BY

https://ceur-ws.org/Vol-4134/

Cite this

Sadok, M., & Reid, I. (2025). An exploration into the requirements and responsibilities of CISO roles: Balancing art with science. In M. T. Latkovikj, P. Bednar, M. Rajanen, J. Kävrestad, H. V. Hult, & A. Elbanna (Eds.), Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025) (Vol. 4134). Article 5 (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems). CEUR Workshop Proceedings. https://ceur-ws.org/Vol-4134/

Sadok, Moufida ; Reid, Iain. / An exploration into the requirements and responsibilities of CISO roles: Balancing art with science. Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). editor / Marija Topuzovska Latkovikj ; Peter Bednar ; Mikko Rajanen ; Joakim Kävrestad ; Helena Vallo Hult ; Amany Elbanna. Vol. 4134 CEUR Workshop Proceedings, 2025. (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems).

@inproceedings{e4e9d55e64f54fd6b65a0675630df1fb,

title = "An exploration into the requirements and responsibilities of CISO roles: Balancing art with science",

abstract = "This paper presents the results of an investigation into 50 Chief Information Security Officer (CISO) job openings listed by various organisations in the UK from 2022 to 2025, aiming to identify the essential and desirable skills required by employers. The findings indicate a growing demand for both soft skills and established security certifications, such as the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). Furthermore, the requirements and responsibilities emphasise the key role of the CISO in aligning security with business needs, which necessitates a good understanding of business processes that support the delivery of value, as well as work practices to enhance security engagement in the workplace. This study has the potential to inform future educational and training programmes in security to close the skills gap.",

keywords = "CISO, Soft skills, Hard skills, Information security, Sociotechnical approach, Job description",

author = "Moufida Sadok and Iain Reid",

year = "2025",

month = dec,

day = "20",

language = "English",

volume = "4134",

series = "Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems",

publisher = "CEUR Workshop Proceedings",

editor = "Latkovikj, \{Marija Topuzovska \} and Bednar, \{Peter \} and Rajanen, \{Mikko \} and K{\"a}vrestad, \{Joakim \} and Hult, \{Helena Vallo \} and Elbanna, \{Amany \}",

booktitle = "Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025)",

note = "11th International Workshop on Socio-Technical Perspectives in Information Systems : STPIS 2025, STPIS 2025 ; Conference date: 17-09-2025 Through 18-09-2025",

url = "https://stpis.org/",

}

Sadok, M & Reid, I 2025, An exploration into the requirements and responsibilities of CISO roles: Balancing art with science. in MT Latkovikj, P Bednar, M Rajanen, J Kävrestad, HV Hult & A Elbanna (eds), Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). vol. 4134, 5, Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems, CEUR Workshop Proceedings, 11th International Workshop on Socio-Technical Perspectives in Information Systems, Skopje, Macedonia, The Former Yugoslav Republic of, 17/09/25. <https://ceur-ws.org/Vol-4134/>

An exploration into the requirements and responsibilities of CISO roles: Balancing art with science. / Sadok, Moufida ; Reid, Iain.
Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). ed. / Marija Topuzovska Latkovikj; Peter Bednar; Mikko Rajanen; Joakim Kävrestad; Helena Vallo Hult; Amany Elbanna. Vol. 4134 CEUR Workshop Proceedings, 2025. 5 (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - An exploration into the requirements and responsibilities of CISO roles: Balancing art with science

AU - Sadok, Moufida

AU - Reid, Iain

N1 - Conference code: 11

PY - 2025/12/20

Y1 - 2025/12/20

N2 - This paper presents the results of an investigation into 50 Chief Information Security Officer (CISO) job openings listed by various organisations in the UK from 2022 to 2025, aiming to identify the essential and desirable skills required by employers. The findings indicate a growing demand for both soft skills and established security certifications, such as the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). Furthermore, the requirements and responsibilities emphasise the key role of the CISO in aligning security with business needs, which necessitates a good understanding of business processes that support the delivery of value, as well as work practices to enhance security engagement in the workplace. This study has the potential to inform future educational and training programmes in security to close the skills gap.

AB - This paper presents the results of an investigation into 50 Chief Information Security Officer (CISO) job openings listed by various organisations in the UK from 2022 to 2025, aiming to identify the essential and desirable skills required by employers. The findings indicate a growing demand for both soft skills and established security certifications, such as the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). Furthermore, the requirements and responsibilities emphasise the key role of the CISO in aligning security with business needs, which necessitates a good understanding of business processes that support the delivery of value, as well as work practices to enhance security engagement in the workplace. This study has the potential to inform future educational and training programmes in security to close the skills gap.

KW - CISO

KW - Soft skills

KW - Hard skills

KW - Information security

KW - Sociotechnical approach

KW - Job description

M3 - Conference contribution

VL - 4134

T3 - Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems

BT - Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025)

A2 - Latkovikj, Marija Topuzovska

A2 - Bednar, Peter

A2 - Rajanen, Mikko

A2 - Kävrestad, Joakim

A2 - Hult, Helena Vallo

A2 - Elbanna, Amany

PB - CEUR Workshop Proceedings

T2 - 11th International Workshop on Socio-Technical Perspectives in Information Systems

Y2 - 17 September 2025 through 18 September 2025

ER -

Sadok M , Reid I. An exploration into the requirements and responsibilities of CISO roles: Balancing art with science. In Latkovikj MT, Bednar P, Rajanen M, Kävrestad J, Hult HV, Elbanna A, editors, Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). Vol. 4134. CEUR Workshop Proceedings. 2025. 5. (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems).

An exploration into the requirements and responsibilities of CISO roles: Balancing art with science

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Fingerprint

Cite this