CISO and CTrO: A model for a working partnership?
As customers, partners and regulators demand greater openness and assurance, those in the role say building trust — not just security — is the answer. Trust is touted as a differentiator for organizations looking to strengthen customer confidence and find a competitive advantage. Trust cuts across security, privacy, compliance, ethics, customer assurance, and internal culture. For the custodians of trust, that’s a wide-ranging remit without the obvious definition of other C-suite roles.
Typically, the CISO continues to own controls and protection, while the CTrO broadens the remit to reputation, ethics, and customer confidence. Where cybersecurity reports to the CTrO, it is a way to escape IT and the competing priorities with the CIO. This partnership repositions security from ‘department of no’ to business enabler, Forrester notes.
Vinay Patel, Zendesk’s chief trust and security officer, agrees that the role aligns trust with business strategy. “A CISO protects systems. The chief trust officer is really protecting confidence. One is safeguarding the company, and the other is safeguarding its credibility,” he says.
