What is fair compensation for a chief information officer (CIO) or chief information security officer (CISO)?
Organizations must ensure that salaries are in line with other executive compensation in the organization. Candidates have to research the organization and ask questions to find out how the offer compares with what other company executives are making.
For the CIO job, where the position reports defines both the true nature of the position and the level of compensation. If, for example, the position reports to the chief financial officer, you will not be a member of the cabinet and your salary is likely to be significantly less than the CFO's pay. This is most likely a director of IT position dressed up with a CIO title. The organization probably views IT as a cost center rather than as a strategic asset driving revenue. Ask why the CIO reports to the CFO. You may very well find that other C-level executives drive technology decisions and your job is simply to run, support, or integrate these systems -- an operational and not very strategic role.
Some time ago, when I was grappling with this issue, a CFO friend showed me GuideStar.org, a valuable resource he used to judge whether the salary offered was fair and comparable to other C-level executives in the organization. This free Website contains the IRS Form 990 filings for the past three years for non-profit organizations. The database includes most universities, religious organizations, healthcare organizations, public and community services, as well as charity organizations.
The IRS 990 filings provide information on the financial stability of the organization as well as compensation for its highest paid people. This data is very valuable in figuring out whether the salary offer for one position is comparable to other executives' pay. Check the filings for all three years to estimate future salary increase potential by looking at the organization's past history of increases.
If the CIO will be a member of the president’s cabinet and the offer is significantly lower than other executives' pay, asking about this disparity will often reveal interesting information, which may cause you to have second thoughts about the position. In one case, an organization offered the CIO $50,000 less than the CFO. After questioning, the organization revealed that although the position was a member of the president’s cabinet, officially it dual-reported to two other C-level executives -- one of whom was the CFO. Not a very comfortable setup!
In the case of a CISO, the offer should be comparable to the CIO's compensation. Organizations -- and candidates for the CISO role -- need to know that the CISO carves out the most complex technical, policy, and operational responsibilities of the CIO in all IT and systems areas. This complex position will require an extremely strong technical, policy, and people management background -- usually more complex than the CIO role. The role also carries with it a high level of career risk compared with all other IT positions within the organization.
The position deals with all parts of the organization. The CISO requires a solid background in all technical areas, including challenging industry certifications. The person will need to be familiar with compliance requirements for applicable security and privacy laws, along with a strong background in risk management principles. The CISO also needs strong communication and leadership skills because the areas and people the role influences will not report to the position. The CISO will manage hundreds of projects and deal with security audits and incidents.
Sometimes an organization will hire a CISO as a true partner for a CIO. It might be defined as a deputy CIO role. At times, the person will be hired to shield others and to serve as the person to be blamed in the event of a major security incident. For a CISO candidate, it will be very important to assess whether this is the case during the interview process. Ask the question: Who is responsible for security in the organization? If the answer is the CISO, that is a warning sign. If the answer is everyone in the organization, you are dealing with an organization that has a better understanding of this role.
— Mansur Hasib has served in CIO/CISO and other leadership roles in the public, private, and education sectors.
I think that both CIOs and CISOs should have fair salaries when you consider the work they are putting into something. Their jobs take a lot of knowledge and skills that not everyone has, hence why I think so many are paid highly to begin with. However, with that being said, they shouldn't be paid a million dollars for their line of work either.
Although a look at Guidestar-reported salaries might be of some help, I'm not so sure it reflects reality. Since Guidestar is reporting non-profits, there's going to be some differences between real world profit companies and the non-profit world.
And leaping through all the data on Guidestar can be a challenge, searching for the companies, and then looking at the multi-page IRS reporting forms.
Without some real life data it's going to be hard to negotiate with employers for most folks. Do we need an "agent" like sports stars and celebrities to bargain for pay now?
History has proven that you don't need to be very technical to have a successful IT company. If anything, they should be very dynamic and able to learn, adapt and see beyond the obvious.
Regarding salaries, it has to do with the market for the people that can fill that position. Think of a CFO-type employee, they can probably look for other jobs in Wall Street, big banks, etc, which have higher salaries than average.
The Techie vs Non-techie CIO debate is always a long and winding one. Bottom line, though, I think the CIO job is indeed largely political because the CIO must learn tricks of getting funds from the CFO and convincing the whole C-team to accept change and implementation of new systems. The individual himself or herself must also have a good technical understanding of things to avoid being the clueless manager that always gets cheated.
Essentially I call it team-building, relationships and promoting the organization. The CIO is the IT strategist - developing the shared vision with other stakeholders. Then as you stated sets the tone and direction for the IT organization. But no one can do it alone - CIOs need talented and creative people around them as well to execute the vision. The CIO role itself should not be an operational role.
The skill set required for being a CIO has certainly changed. It seems these days, they don't only need to be in charge of the technical side of things, but have to be on top of the political side as well. Unfortunately, I've seen many CIOs/CTOs end up having to do more politics than actual managing of technology. I get it, they have IT managers under them for that, but greatness tends to start from the top down.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.