Over the past year, our country has experienced many challenges which have significantly impacted Chief Information Officers and the role they play in privacy and data security within organizations. Events including the terrorist attacks of September 11th and corporate scandals such as the collapse of Enron, WorldCom and Arthur Andersen have all heightened the measures companies take to secure their data. In light of these occurrences CIOs, now more than ever, should be aware of the new challenges:

1. Thoroughly assessing the integrity, credibility and accessibility of current and historical information of the organization;
   
   
2. Ensuring regulatory compliance of ISO17799 standards, HIPAA regulations, the Gramm-Leach Bliley Act, along with new SEC mandates;
   
   
3. Reinforcement and championing of the checks and balance process;
   
   
4. Preparing the organization for accurate disclosure of financial and regulatory information; and
   
   
5. Ensuring detailed plans and contingencies are in place to guarantee scalable, fault tolerant data center ability including disaster recovery plans, change control procedures, network redundancy, data security standards, technical infrastructure standards, fire wall and encryption policies.
   
   

Organizations should not just assume they meet safeguard rules simply because they have a security program or have taken steps to implement security measures. Rather, they should begin to review the security programs with the obligation being to ensure the program adequately supports its privacy objectives and related information management controls. This should be combined with various regulatory compliance and impact assessments.

As CIOs, you must re-evaluate the present safeguards for privacy and data security of your organization. Further, you should formalize an information security program if this is not already in place. This program should be a written, coordinated document across all business functions, which describes program elements. Such program elements should identify and inventory policy and procedures for the security program. In addition, documentation of information management roles and responsibilities or designations of an employee (i.e. Chief Information Security Officer - CISO/Chief Security Officer - CSO) to coordinate the organization’s information security programs is a must.

Assigning security management to a single individual better prepares your organization against potential threats. As such, if your organization is looking to acquire a security professional, keep in mind this individual must work across the internal and external risks to the security privacy and integrity of data to prevent misuse, alteration, unauthorized disclosure, destruction, etc. of such information and assess safeguards to control risks. Specific duties of a CISO/CSO include:

1. Formulation of a comprehensive information security strategy. Ensure that a clear concise plan, including scope, approach, benefits realization, is developed in order to deliver to the IT Policy Board and the Executive Board the Information Risk Management (IRM) vision and objectives.
   
   
2. Development of an IRM governance structure for appoval and decision making. Ensure all major policies and initiatives are steered through these committees for endorsement and approval.
   
   
3. Help significantly raise the level of the organization’s awareness and understanding of our business heads of the importance of IRM within all aspects of the business and ensure that all future strategies and plans have IRM built into their foundation in order to help achieve the Executive Board’s vision.
   
   
4. Development and coordination company-wide information protection awareness programs and communicate security strategies and status to management. Must communicate and deliver risk assessment and impact to executive group. IRM is a company-wide issue...not just technical.
   
   
5. Leadership and management the implementation of the necessary controls and procedures to cost-effectively protect information assets from intentional or inadvertent modifications, disclosure or destruction. Ensure compliance with policies, procedures, standards and guidelines. This includes access controls and restrictions, encryption, control procedures, intrusion detection, penetration testing, incident response and disaster recovery processes.
   
   

It is ever apparent in today’s market that to be successful, a CIO must develop a set of skills extending far beyond the tech savvyness the profession required years ago. Climbing up the corporate ladder to join others at the executive table is more realistic than ever, however for a future CIO to be truly successful one must take charge of their careers early on prior to taking on the challenge. So how is that done?

With the help and advice of Roy Cashman, an MWC Network member and former candidate, we have sourced a list of tips to aide, both, newly appointed CIOs and those individuals climbing the IT ranks. Roy Cashman is intimately familiar with Information Technology, having been in the field his entire professional career. In November 2001, Roy was hired at Ruan Transportation Management Systems, a transportation management company. As CIO, Roy has complete responsibility for all of Ruan’s IT capability. Prior to Ruan, Roy served as Senior Vice President of Applications Development for Information Resources Inc., a leading sales and marketing research partner in the expanding global consumer goods industry.

With this being his first representative role as CIO, we asked Roy to provide our Network members with advice on what he has learned throughout his career, furthermore what he feels is central in taking on the challenge of becoming a CIO. Below is Roy’s list of tips to succeed as a new CIO.

1. MAINTAIN A BALANCE BETWEEN TECHNOLOGY & BUSINESS STRATEGY
   Becoming a CIO had been on my agenda for almost 8 years. To achieve this goal I learned early on in my career, the importance of maintaining a healthy balance between business strategy and technology. I spent a great deal of time working on my soft skills and understanding the business strategy. I did my best to help align technology with the business strategy. Most recently however, I tried to be very selective in the opportunities I took within U.S. Freightways in order to increase exposure to the business strategy.
   
   
2. BUILD MOMENTUM FOR YOURSELF
   I believe being part of the business strategy is a conscious choice an IT person makes. There is a tremendous amount of information out there but it takes a motivated individual to be proactive and do something with that information. You have to be willing track to it down and make appropriate investments. In transforming that information into ideas, plans and strategies you will concurrently build momentum for yourself. Bounce those ideas off to other members of your leadership team, particularly within the peer network.
   
   I spent a great deal of time learning the value of soft skills and networking. I learned how to put myself in situations where I gained the confidence of others in order to to influence some of the more informal decisions that seemed to steer most organizations.
   
   
3. COMMUNICATE EFFECTIVELY AT ALL LEVELS
   Managing effectively can be difficult if you lack proper communication skills. In essence, the best way to manage is to communicate effectively at all levels (upwards, downwards, across and externally). This entails talking with people to really understand their concerns. In considering their opinions you begin to build relationships. If you do this enough on all levels you will find that you are welcomed into conversations where an issue is being debated where many times the policy is set long before the official word comes out from management.
   
   My ability to communicate at all levels was critical to my success at IRI, particularly in getting some challenging things across and being able to be collaborative and decisive. I had a reputation for being the "bad news" guy because I was always straightforward in delivering my message, whether it was good or bad. My priority has always been on knowing where the problems are and what the issues, not necessarily spending time discussing where we’ve done well. This is where success and failure leaps out. You have to be able to communicate with people and make sure you are getting the bad news out there in order to manage expectations. In the end people may not necessarily be happy with the outcome but they will understand why you made certain decisions.
   
   
4. RESIST TEMPTATION TO OPERATE TOO LOW
   Do not operate in too much detail As CIO, I definitely see my role as a strategic planner and someone who understands the business plan and creates an IT plan along with its reflective budget. I am also the person who can effectively educate the management team (by communicating and setting expectations) on the issues we face as an organization, from both a technology and organizational process perspective, and someone who can ultimately convince them to provide IT funding.
   
   I have been pleased with my success to date. From an enterprise architecture view at Ruan, I am currently trying to take a long range look in the three to five year horizon and make sure we are setting the underpinnings in place so that we have applications that talk effectively to one another and databases that are well integrated and easily give way to analytics. In addition, we have to ensure IT quickly delivers applications as the business demands more and more adaptive range in terms of where they want to take the business process.
   
   
5. BE WELL GROUNDED IN TECHNOLOGY AND PROCESS UNDERSTANDING
   I believe it is essential for a CIO to be well grounded in their understanding of technology in order to be effective. You have to understand concepts such as understanding the value of enterprise architecture, how a good PMO organization communicates effectively and sets expectations and understanding that is really the face of our service organization internally to our clients and in many cases externally as well.
   
   
6. ESTABLISH AND COMMUNICATE YOUR AGENDA
   The CIO is really a change agent of the highest caliber so in jumping into that role you have to establish and communicate your IT agenda. A CIO is clearly involved in shifting the culture of the company therefore, having a well grounded process, knowing how to prioritize and allocate funds and ensuring alignment with the business needs are all components for success as a change agent.
   
   One of the things I underestimated before I became a CIO was the nature of the gap between the business units and technology and what a real challenge it is to help people understand why certain IT decisions are essential not only to the Information Technology department but to the organization as a whole.
   
   Getting management to buy into the concept of enterprise architecture is just one example of the importance of effectively communicating your agenda. Restructuring Ruan’s PMO organization has been a leap of faith and demonstrating the value to management has been a real challenge. Getting their buy in has only been successful through educating our management team on the importance of making these types of investments for the long haul. To be effective, a CIO needs to find ways to educate, communicate and set expectations.
   
   
7. BUILD INFORMAL PEER NETWORKS
   Communicating with the other officers of the company is crucial in developing networks to improve skills. I have had enough leadership roles at a fairly high level where my expectations had been realized, however I was not quite aware of how critical building informal peer networks was to my success as a CIO. It is essential that I nurture and maintain those relationships. They tell me where they feel pain and as a result I am able to ascertain what their real strategy is and what they’d like to see happen. If that network were not in place then I would ultimately fail.
   
   
8. HAVE A MENTOR
   They say imitation is the greatest flattery. A mentor can truly serve, as a spring board for your career in building your own management style. Intuitively we all learn the same way, but there is some type of synthesis that goes on as you discard the things that you think are not effective and pick up the pieces that you like.
   
   I can point to several individuals that guided me throughout my career. The person who educated me on the CIO role was my former boss at USF who I worked with for 10 years. When he left the organization I took over his position and it turned out to be the first leadership role I held, having complete IT responsibility for a $1Billion company.
   
   I really emulated his style. I also observed his strengths and evaluated him both positively and negatively questioning what he did in situations where things were not functioning. I also took note of those techniques that were effective. In addition to showing me how to be a good role model, my mentor also made it clear to me that at the CIO level of leadership, you need quite a bit of backbone. You have to be strong enough to stand your ground, take a position on an issue and be willing to debate it in good faith.
   
   
9. DO NOT BECOME A STATISTIC
   Although the statistics are now changing, the average tenure of a CIO has been 18 months. To maintain the CIO role beyond that timeframe it is crucial to establish confidence and credibility during the first months on the job. Turn downward and evaluate the organization’s processes, learn the business, understand the business strategy, build peer networks and communicate to others that you understand how to bring IT in alignment with the business strategy.
   
   This is what I have been working on since my start at Ruan. The reality is that for the first 18 months I am very much turning downward and evaluating: processes, our own technologies and taking an active role in rebuilding the organization through the selection of partners for co-sourcing opportunities, working with the chief architect to build an enterprise architecture, etc.
   
   Being new to an organization, you have to be able to move in the direction that you want to go while simultaneously helping everyone in the organization understand what you are trying to accomplish. Certainly it is not always possible to get their buy in and support for your entire agenda, but I’d like to stress that a new CIO should concentrate on networking, layering into the strategy and communicating expectations during the first year on the job.
   
   

M. Wood Company’s relationship with Roy began in 1999. With an extensive focus on application development, M. Wood Company successfully recruited Roy for his previous role as Senior Vice President, Application Development at Information Resources Inc. If you have any questions or comments on Roy’s climb to the CIO position, he can be reached via email at roy.cashman@ruan.com.

What’s New in October 2002
Please contact John Poracky at poracky@mwoodco.com or Milton Wood at mwood@mwoodco.com if you know of anyone (including yourself) that could be appropriate for these roles. Additional information and a complete listing of our current searches can be found on our website http://www.mwoodco.com.

Corporate Information Security Officer
The Company’s banking, insurance, and diversified financial services businesses make it one of the world's largest financial services firms. The Corporate Information Security Officer will occupy a pivotal role in providing assessment, planning, policy, standards, and remediation activities to support the global efforts of the enterprise to support efficiencies and economies of scale in the security field. As the senior IT Security Official, the incumbent is also responsible for education, awareness, and training at all levels up through executive to enhance the security awareness and business impact of properly functioning security programs and processes.

Director, IS Technology (CTO)
An incredible opportunity exists for a seasoned IT manager to lead the technical architecture strategy and implementation for one of the leading academic hospital systems. Reporting to the Chief Information Officer, this IT Director will be responsible for developing and maintaining the IT infrastructure including all production systems, underlying technologies, hardware, software, networks, LANS/WANS, operating systems and security. The Director will also be responsible for setting and communicating technology standards, identifying new technologies and for all technology focused (e.g., Web, Middleware, etc.) resources.

Director, Managed Care Services
A leading, values-driven healthcare system in Central Indiana which promotes and advocates a healthier society, in strong partnership with communities, physicians, and others is seeking a Director of Managed Care Services to lead its Financial Services Department. This role will direct development and implementation of managed care strategies on behalf of the company and affiliated medical group. The Director will also be charged with directing managed care contracting process for all medical, ancillary, and facility services and will serve as principal relationship manager between payers and the company.

Director, Project Management Office
One of the leading research and academic hospital systems in the country is presently seeking a seasoned project management executive to come in at the ground floor to lead the development and execution of a first class technology project management office. Reporting to the CIO, this PM executive will lead the development and execution of the project management vision, work with other IT leaders and customers to establish and implement standards, analyze current workflows (if any) and processes and recommend opportunities to improve.

Product Manager
This position has profit and loss responsibility for running an importing division for our client, a manufacturer and seller of a variety of sporting goods. The Product Manager will be accountable for goods manufactured under contract in China that are sold to U.S. retailers. Further, the position will lead and manage market analysis; product innovation and creation; customer collaboration; product and prototype development; prototype testing; final product development, completion and pricing; line structure design; line "selling" to sales and customers; lead product manufacturing; and delivery and inventory control.

Senior Client Outsourcing Relationship Executive
As a global business, our client provides services and technology to commercial businesses and governments throughout most of the world. The company currently employs 38,900 people globally and is now seeking a seasoned outsourcing professional to join their team. The Senior Client Relationship Executive will have nationwide responsibility for the existing and future relationship with one of their most substantial accounts, representing approximately $60M in annual billings and growing. The relationship executive will sell and manage this account’s outsourced technology products and services, people, processes and satisfaction throughout the entire pre and post sales cycle and delivery process.

Senior Vice President, Sales & Market Development
Ranked as one of the top providers of IT solutions to the healthcare market, our client serves more than 500 payors, providers and benefits administrators. Our client offers a tremendous opportunity for an established sales and marketing professional to execute a vision, which increases market share and margins. The SVP will be responsible for all sales operations including, leading, mentoring and re-engineering a sales force to a "customer intimate, solution-based" model. Further, the SVP will be accountable for market penetration with existing clients as well as generating business in new accounts.

Vice President, Brokerage Systems
Our client, a leading real estate services company with operations in the United States and other countries worldwide is seeking a Vice President of Brokerage Development to lead the future development of brokerage applications. This position will support current business requirements while creating a sustainable long-term competitive advantage for the Company.

Are you a new or a seasoned CIO? Whatever stage you are at, in your CIO career track, it is important to understand that leading, as part of the management team, requires you to come into a company with a definite plan of attack. Analyzing certain elements vital to the CIO role can be the difference between success and failure. Based on our extensive experience in recruiting CIOs, here is a checklist we have created on What a CIO Wants to Know Upon Entering a New Company

• Organization
  • Company, I.T. function, etc. Who reports to whom? What is the relative importance of one function to another in business terms, at a very macro level.
  • Mission statements -- by function
  • Resources -- budgets -- dollars/personnel
  
  
• Business plans
  • If published and used; if not, interviews with heads of business units.
  
  
• I.T. plans
  • Whatever form they take; covering the planned manpower utilization for the upcoming period, history of same if available, equipment acquisition schedules, facility renovation/space utilization, portfolio of applications currently running/being developed
  
  
• External relationships
  • Consultants, vendors, peer I.T. groups, academic partnerships, etc. Need to know: Who is involved? To what purpose? At what cost? What dependencies have developed and how critical are they to the business?
    • I.T. processes
    • Job descriptions
    • Salary ranges/bonus targets vs. market
    • Goal setting process
    • Current evaluations on all I.T. personnel, regardless of their reporting relationship.
    • Capital and expense
  
  
• I.T. steering committee
  • Who evaluates I.T. plans and resources? By what process? How frequently? Who participates from I.T. and what is their role?
  
  
• Communications programs
  • Company, I.T., etc. To what degree do I.T. people know each other? Work together on joint projects? Get together regularly with peers, customers, vendors, etc.

***Professional Development***
Do you need to jump-start your career? Would you like to become a better CIO? Read this page on CIO.com for information on salaries, associations and educational choices. Go to:

http://www.cio.com/research/executive/career.html

***Chief Security Officer (CSO) Magazine***
This fall, watch for CSO, the new magazine from the publishers of CIO. It features case studies, in-depth analyses and best practices for balancing the safety, security and privacy of your enterprise with business success. Free charter subscriptions are limited. Go to:

http://www.omeda.com/cgi-win/cso.cgi?add&p=snl01

M. Wood Company Recognized in Crains Chicago Business
For the fifth consecutive year, Crains Chicago Business recognized M. WOOD COMPANY as one of the largest executive recruiters in Chicago. Companies were ranked according to net professional fee revenues. To look at the listing just click on the link below.

http://www.mwoodco.com/cio/CRAINS_2002_List.pdf

M. Wood Principal Publishes Article
John Trakselis, a Principal at M. Wood Company specializing in financial searches, recently published an article on Finance Executives. The article, Qualities of a High Performance Finance Executive: An Aggregation of Skills looks at qualities our partners and principals have identified, over the process of recruiting candidates for various roles and functions, that are necessary to become a high performance finance executive. To see view the article click on the link below.

http://www.mwoodco.com/cio/high_performance_exec_f2.pdf

Strategy+Business Media publishes a quarterly magazine, a Web site (www.strategy-business.com), books, and ancillary publications. Its mission is to provide executives with commentary, research, and practical ideas that bridge the gap between theory and practice in contemporary global business.

M. Wood Company
10 South LaSalle Street
Suite 3700
Chicago, IL 60603
(312) 368-0633/Phone
(312) 368-5052/Fax
http://www.mwoodco.com

If you have any questions, comments or if you would like to submit a resume to us, feel free to contact a member of the M. Wood Company team.

Milton M. Wood
President & Chief Executive Officer
mwood@mwoodco.com

John W. Poracky
Partner
Poracky@mwoodco.com

John Trakselis
Principal
trakselis@mwoodco.com

Jane R. McCarthy
Principal
mccarthy@mwoodco.com

Katherine Smetana
Director, Research & Recruiting
smetana@mwoodco.com

Silvia Ceballos
Editor, Network News
ceballos@mwoodco.com