Job Description: What Does a CTO do?
A Chief Technology Officer (CTO) is part of the executive-level management team. The CTO leads the definition of the company’s Information Technology strategy and manages the programs which deploy and operate that technology. Responsibilities include budgeting, setting policy and oversight for all information assets, including communications, development, applications and infrastructure policies and procedures. The executive nature of the job requires that this individual also maintains ongoing alignment with the company’s overall strategic direction.
CTO Job Responsibilities & Duties
For a large enterprise, the CTO or his/her direct reports may be responsible for some or all of the following. As with any position, the responsibilities will vary depending on the company's business model, products and size:
- Direct and approve the design of all IT infrastructure, software and communications systems, including email and internal communications systems;
- Establish governance of all IT activities, including review and approval of all IT policies, controls and incident response planning;
- Maintain a current understanding of technology trends and platforms, including social media and the IT threat landscape for the industry;
- Use this knowledge to participate in evaluation of potential technology shifts or purchases;
- Present and champion the company’s technology strategy to management, staff, customers, and other stakeholders;
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget;
- Collect, size and prioritize requests from other departments and divisions across the company for IT support;
- Manage the implementation of IT systems and their effectiveness in meeting business unit needs;
- Provide top-level management for all IT employees, vendors and contractors;
- Manage and set priorities across the Technology programs and operations within budget and completion targets;
- Provide training and mentoring to all direct reports and other managers;
- Ensure that quality assurance is optimized, within cost constraints;
- Ensure that application deployment, change control and issue management processes are defined, communicated, executed and audited;
- Oversee frequent risk management reviews and provide necessary support for prevention and mitigation actions;
- Establish appropriate metrics, including web analytics, for all IT to assist in effectiveness evaluations and business value decisions;
- Optimize all corporate IT operations, including sales support, financials, HR and customer service and support;
- Ensure a complete security plan is in place which protects the availability, integrity and privacy of the IT infrastructure and the data stored and communicated;
- Ensure that disaster recovery and business continuity plans are in place and tested;
- Provide input to identity and access policies and review them periodically;
- Review investigations after security breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
- Ensure compliance with the changing laws and applicable regulations governing security and data protection;
- Translate that knowledge to identification of risks and actionable plans to protect the business;
- Schedule periodic security audits;
- Oversee identity and access management policies;
- Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced; and
- Communicate recommended improvements, best practices and risks to all parts of the business, outside IT.
Generally the CTO will take a management role to implement these responsibilities. For a smaller enterprise, the CTO may be involved in execution of some or all of these measures or provide oversight for vendors.
· Certified Security Analyst (ECSA)
CTO Soft Skills
Successful CTOs must have the leadership and people management skills to both manage everyday operations and take their companies forward. They must be able to understand multiple complex systems and technology in a constantly changing threat environment, including managing risk and monitoring trends to stay ahead of the dangers to the environment they protect. All plans and ad hoc responses must dovetail with the company strategy and budget.
To do this they need:
· Proven executive management abilities based on education and prior experience;
· Ability to advocate for the IT staff;
· Collaborative communication skills at both the management and staff level;
· Leadership to identify and sell corporate IT strategy and programs;
· Ability to balance highly dynamic demands and priorities.
Excellent communication, documentation and presentation skills will speed acceptance and support for their recommendations and plans.
A flexible, organized work style is necessary to balance the need for comprehensive, detailed analysis against the instances where they must respond quickly to crises which arrive without warning. The CTO must grasp the issue or problem, identify a resolution plan for the staff and execute quickly.
CTO Degree & Education Experience
Generally, a BS/BA in computer science, engineering, business administration or related field is required for this position. A graduate degree in a computer field or an MBA, as well as specialized training and professional certifications, may also be required, but are always a plus.
CTO Work Experience
These executive positions will usually require at least 10 to 15 years' experience in IT and management roles, with at least 5 in IT management.
The following are some of the hard skills which are required, or useful, depending on the type of work being done. The CTO needs at least a broad knowledge of the following:
· Business theory, business process development, governance processes, personnel management, budgeting, and administrative operations;
· Information Technology architecture and system administration skills;
· Network security including TCP/IP, communication protocols and vulnerabilities;
· Technical knowledge of different types of hardware, storage, imaging and file system analysis;
· Applicable regulatory compliance knowledge, including HIPAA, SOX, PCI, NIST and GLBA;
· Understanding of Federal, State and Local laws concerning data acquisition, protection and transmission;
· Information Technology Infrastructure Library (ITIL), COBIT, ISO and other applicable IT management methods and toolsets;
· Standard enterprise and personal computer operating systems, such as Windows, Linux, Mac OS and UNIX;
· Familiarity with multiple software types at the application and enterprise levels;
· Mobile operating systems, applications and security protocols;
· Protection systems against malware, hacking and other threats;
· Secure practices in coding for standard languages, such as C, C++, Java and others;
· Some experience, skills or training in the applications, languages, tools and technology in scope, such as C#, .NET, JavaScript, HTML and SQL;
o Coding or web application development;
o Knowledge of Internet protocols and standards, database management systems (DBMS), and security for all systems;
· Security vulnerabilities and risk management;
· Policies and procedures for secure computing;
· Risk assessment and management;
· IT audit and forensics knowledge;
· Budgeting and financial skills; and