Cybersecurity Blog | Ingalls Information Security

Why an ISO Is a Critical Need for Any Organization

Written by Kim Buckley | Dec 7, 2022 5:00:00 AM

The role of Information Security Officer at any company, especially Ingalls Information Security, is critical to mitigating risk and security threats. We interviewed our new ISO Brad Schrack to learn about his professional experience and what he likes best about working in cybersecurity.

Information security is a critical concern for companies in just about every industry. Threats to the security of data are increasing, data breaches are becoming more common, and there is a critical need for someone in a company or organization to be responsible for security. It is also important to have a dedicated role responsible for making security decisions and educating the management team on risks. However, few companies have a dedicated ISO who is responsible for security within the organization.

The Information Security Officer (ISO) for any company or organization has the important task of mitigating risk from various security threats and data breaches. The main responsibility of an ISO is to oversee information security, cybersecurity, and IT risk management programs based on industry-accepted information and risk management frameworks.

At Ingalls Information Security, we take security very seriously, not only for our clients and customers but internally for our organization as well. We took a few minutes to chat with our new ISO, Brad Schrack, about the role, his professional experience, and what he likes best about the cybersecurity industry.

 

Tell us a bit about your professional background. 

Brad Schrack: I am a United States Air Force veteran who served as an OPSEC/Intelligence Analyst for 12 years. I have had a diverse career working as a consultant and DoD contractor for over 22 years now. I have filled many roles, to include Corporate Compliance Officer of a large nonprofit organization and Information Security Officer of a large Alaskan Native Corporation. This has allowed me to gain experience in multiple frameworks and multiple laws, to include DoD, HIPAA, PCI, NIST and others.

 

What is your role at Ingalls on the Government Programs team?

I fill the Sr. Information Analyst role, primarily working our CMMC program and ATO/RMF consulting support. I am also the Information System Security Manager (ISSM) for CSAR.

 

The ISO role can look a little different depending on a company’s security needs. At Ingalls, what does an ISO do? 

The ISO at Ingalls is responsible for overseeing and managing the information security activities of the organization, to include but not limited to:

  • Chairs the Information Security Steering Committee
  • Oversees Ingalls’ SOC 2 Type 2 compliance
  • Manages implementation of Cybersecurity Maturity Model
  • Manages information security policies
  • Updates and communicates the state of the program to senior leadership

 


What do you like best about the cybersecurity industry?

There are always new challenges and opportunities to improve; you never stop learning in this industry. Also, there is room for both technical- and management-centered people, and in fact it takes both to have a successful cybersecurity program.