Team Membership, Chair, and Meetings

Team Membership

Team Selection: The Chief Executive and the Information Security Manager (ISM) identify the team members.

Selection Criteria: Given the above Mission, Goals and Objectives, the team needs to include members at an executive level of authority. The team also must be sufficiently broad so that all staff and vendors are in a management chain led by a member of the team, i.e., every staff member and vendor is ‘represented’ by a member of the team. Vertically, the team must extend upwards to executive levels and horizontally, there are to be no ‘orphans.’

Required Team Members

Information Security Manager (ISM)
Chief Financial Officer
Highest-ranking IT person: CIO, CTO, Director of IT, IT Manager
Chief Risk Officer (if present)
Chief Legal Officer (if present)
If highest-ranking IT person is not an Officer, then the person to whom the highest-ranking IT manager reports

Additional Team Members

Other Team members are to be selected as appropriate to the organization’s size and organizational structure. These may include

Chief Operations Officer
Director of Human Resources
Other Department Heads: Sales, Marketing, Manufacturing, etc.
Partner-in-Charge of Administration (in a professional services firm)
Head of the Technology Committee (in a professional services firm)
Director of Development (in a non-profit)

Subject Matter Expertise

The Team is to include, or be supported by, information security subject matter expertise.

The Team is to have available, using as appropriate, subject matter experts in leadership and culture.

Team Chair

The ISM chairs the Information Security Management & Leadership Team.

Team Meetings

The Team is to meet at least monthly.