The role of CISO carries a growing weight of responsibility, attached to an information security threat landscape that is becoming ever more extreme.
Appoint with CARE.
Firstly, consider re-engineering the role of the CISO into something that is realistically specified. This is usually tricky because security, particularly for small and medium-sized businesses, is not a well-developed function and, besides, there are precious few executives in the business to pass pieces of the role to.
And/or (at least) use a proven benchmarking tool to prompt senior management to capture the CISO brief for your company relative to what others have appointed (most successfully), then use the view captured to inform the search. After four years of development, the Ascot Barclay Group have such a model, and it is now well proven. We call it CISO Finger Printing. The Finger Print captures a view of the CISO against 13 core traits.