Competency Profile for the Role of the Chief Security Officer

Role of the Chief Security Officer

Chief Security Officers (CSOs) are at the forefront of departmental security, and act as strategic security risk advisors to the Deputy Head of an organization. The variety of security experience is particularly beneficial for aspiring managers and/or executives.

The CSO of an organization is responsible for establishing a security program to ensure the security and integrity of people, information, individuals and assets from perceived and/or known risks, threats, and actions that could prevent the effective and secure functioning of an organization. To do so, the CSO plays a lead role in advising senior management on security compliance with government legislation, policies and strategies. Additionally, CSOs bring forward proposals to strengthen the security culture and program of an organization, rooted in the sound and effective implementation of the Policy on Government Security and its eight (8) controls. A strong security program is one that is integrated into all the business lines of an organization to ensure that security risk management is entrenched at the base of its decision-making process, operations and service delivery.

Competency profile




Attributes

This section provides a link to the Federal Public Service Key Leadership Competencies, as well as additional attributes that may be added to the role of Chief Security Officer as required by organizations to adequately support their respective work environment and mandate:

  • Engagement, collaboration and client-focus - Build and sustain strong and effective working relationships across an organization and with key stakeholders to ensure security is woven into all programs, processes and procedures of an organization to support their effective and efficient delivery, and that it is also incorporated and considered at the onset in an organization’s risk assessment and resulting plans. Translate security requirements into corporate language to achieve buy-in and collaboration to implement effective security strategies.
  • Strategic and analytical thinking and creative problem solving - Assess risks, analyze complex security issues and develop appropriate solutions to develop, implement and manage a solid security program based on the broader impact and alignment with organizational and Government of Canada priorities, and based on strong knowledge of the machinery of government.
  • Self-management - Remain reliable, flexible, and calm to be effective in the face of stress factors, and maintain focus on, and be cognizant of, all aspects of a given situation, while considering the impact of any actions taken when leading a team to achieve a common goal.
  • Living the values of integrity, respect and trust - Be an agent-of-change who promotes and embraces diversity and inclusion, and works to eliminate barriers; and treats every person with respect, dignity, and fairness, and in so doing help build and maintain trust in GC security, and a strong security culture.
  • Judgment - Understand the risks facing the organization and the delivery of its services to Canadians, and act accordingly to minimize their impacts.
  • Ability to hold a Government of Canada security clearance.

As leaders in the Public Service, CSOs are also expected to demonstrate the Federal Public Service Key Leadership Competencies.

Notice to users

In using this competency profile, officials should consider their organization's mandate, key business lines, risk profile, response capabilities, location, and other factors specific to their organization.

As per the Policy on Government Security (PGS), a Deputy Head is required to designate a Chief Security Officer to provide leadership, coordination and oversight for departmental security management and related security controls. It should be noted that Chief Security Officer is not a position, but a role that is often assigned to an executive responsible for corporate functions, including departmental security. Although this competency profile may be leveraged by organizations as required to define the role of executive positions responsible for departmental security, it is not intended to constitute an official job description and/or statement of merit criteria.

The profile was produced in consideration of the Policy on Government Security (PGS) of the Government of Canada (GC), and other related policies as they pertain to the GC security career paths such as the Policy on Service and Digital for the information technology security sub-group. Where required, provisions of the Privacy Act have been considered. In case of any discrepancy between the content of the profile and the Privacy Act, the PGS or any other applicable policy or legislation, the latter prevails. It is the responsibility of users to perform the due diligence necessary to ensure that their use of the profiles is compliant with applicable legislation and GC policies, at the time of use. This profile is intended to remain evergreen. If you identify any elements that should be updated or corrected, please contact the Security Centre of Excellence.

As it pertains to the Information Technology Security control of the Policy on Government Security, and given its complementary and sometimes overlapping nature with cyber security, this competency profile should be used in conjunction with the Canadian Cyber Security Skills Framework. In the GC, the distinction between ‘information technology security’ and ‘cyber security’ is understood as follows:

  • Information technology (IT) security is the discipline of applying security controls, security solutions, tools and techniques to protect IT assets against threats from compromises throughout their lifecycle. IT security focuses on the security of both electronic data assets and physical IT assets.
  • Cyber security refers to the security of the transmission of electronic data and information across cyberspace. It covers the technology, processes, practices, and response and mitigation measures designed to protect electronic information, data and information infrastructure from mischief, unauthorized use or disruption in cyberspace. Cyber security complements IT security, and operationalizes the IT security controls set out in subsection B.2.3 of Appendix B of the Directive on Security Management.

Ultimately, the goal of both cyber security and IT security is to preserve the confidentiality, integrity, availability, intended use, and value of electronically stored, processed, or transmitted data and information.

To note: As part of the Departmental Security Career Paths initiative of the Professionalization Framework, the first tranche of work consists in establishing four (4) departmental security career paths and their respective sub-groups, and showcasing their many career opportunities, from entry-level to chief security officer positions, through diversification and/or specialization of experience. This information is now housed on the SCoE webpage of the Privy Council Office (PCO) website, as well as on the Jobs in National Security and Defence webpage, and links to the related job postings across the public service. The second tranche of work consists in the development of competency profiles for each security career path and their respective sub-groups. This includes the identification of key activities, knowledge, skills, and attributes required to pursue a successful career in departmental security. The third tranche of work consists in a Learning Inventory to identify existing developmental and accreditation programs for each security career path and their respective sub-groups (available only to public servants). This competency profile forms the fourth tranche of work, which consists in establishing a Chief Security Officer (CSO) Competency Profile to provide suggested key activities, knowledge, skills, attributes and suggested learning tools and resources to support CSOs in the successful delivery of a solid security program.
