There has to be a balance. CISOs can't dominate a business agenda, but boards and other C-level officers can't exclude a CISO and his ambitions.
If a business wants to have a CISO, he must be able to demonstrate his strategy to all on even ground, and he must be able to show how he can achieve the goals, how much it costs and what everyone will have to do, not just get told he has to do it... by a certain date. This is the experience I have had on three occasions.
Why should a CISO stay in a job? Chief information security officers and other enterprise security leaders often don't remain long enough to make a strategic difference.
Those who do say that business focus, the ability to communicate with key stakeholders and knowing how to manage expectations are key. Putting the business first and having that perspective is also very important.
Why does a CISO leave a job? It seems that the style of role means there are some likely reasons:
- Structural changes and outsourcing.
- Better salary elsewhere. The lure of higher compensation is one major reason why CISOs rarely stay very long in one place.
- Corporate mismatch, and 34 percent head for the exits because they feel left out of the executive decision-making process.
- Lack of budget, lack of skill and inadequate support from upper management.
Lastly, in a world of emerging threats, why would CISOs be the first to bear the brunt of data breaches? They are, but where do the CTO, CIO and CDO sit in all of this? They have often been in the job for a while and have mostly cut costs.