Once upon a time, there were no CISOs. This now-established role sprang into being roughly 30 years ago when Steve Katz became the world’s first Chief Information Security Officer for Citibank. His appointment was a response to a cyber-heist in which criminals stole $10 million.
Today, the threat CISOs were first summoned to fight hasn’t gone away. If anything, it’s got worse. Meanwhile, regulators have been sticking their noses into the tech industry’s business like never before. Facing this volatile threat landscape and plunging their hands into the boiling compliance cauldron is a new and emerging role: The Chief Trust officer (CTrO).
Laura Robinson, Program Director of the Executive Security Action Forum (ESAF) for the RSA Conference, a community of Fortune 1000 CISOs, tells The Stack: “The role of the CISO is evolving in some cases, with some professionals transitioning to the title of Chief Trust Officer. It’s challenging to compare roles directly. One Chief Trust Officer’s responsibilities might closely align with those of a CISO when you break them down line by line.
See also: The Big Interview with JPMorgan's Global CISO
“What’s particularly interesting about this shift is the emphasis on trust. It’s a new lens for the role. The focus extends beyond security to encompass data integrity and ensuring trust across the organization’s entire technology ecosystem. This includes earning the trust of customers, partners, and other stakeholders regarding how their data is handled.”
The shift is changing reporting lines, so whereas many CISOs would traditionally report to the CIO (although there is increasingly meaningful variety here too) the reporting structure could “vary significantly”, Robinson adds. “They can report to the General Counsel, the Chief Operating Officer, or even the CEO, depending on the company’s organisational structure. This variation reflects broader discussions in the industry about how diverse these roles have become."
What is a Chief Trust Officer?
The first point to note is that this role does not have a long history, with most CTrOs currently working in the tech sector.
Lily Haake, associate director and head of executive search at the IT recruitment firm Harvey Nash, told us: “The Chief Trust Officer is a very new role – we estimate that there are fewer than 200 people in the world who currently hold this title, but the position is certainly on the rise.
“The organisations that would typically hire this role are technology companies, often with a focus on the cyber security or data privacy sectors, as well as regulated businesses that handle significant customer data, such as banks and law firms. Candidates for this role tend to come from a cyber security or legal background and might have skills in areas such as data privacy, data governance and risk and compliance.”
The Chief Trust Officer bridges the gap between traditional IT security and customer-facing communication, fostering trust by ensuring proactive, transparent interactions during incidents and beyond.
"They’re responsible for strategies around cybersecurity, privacy, regulation, and compliance" – Mike Arrowsmith, NinjaOne.
Mike Arrowsmith, Chief Trust Officer at NinjaOne, told The Stack: "The growing number of Chief Trust Officers is a response to the volatility and rapid pace of change in today’s business environment. While emerging technologies like generative AI make organisations more productive and unlock new opportunities, they also introduce new risks, uncertainties, and regulations for organisations to navigate.
“Organisations need to find ways to implement new technologies, while also providing their customers with products and services that reinforce trust and enhance users’ experiences. Leaders also need to prioritise and plan around digital trust to set the foundation to grow and scale sustainably and ensure long-term business resilience. This is why the Chief Trust Officer has become critical. They’re responsible for strategies around cybersecurity, privacy, regulation, and compliance."
This role is particularly vital as businesses collaborate to address threats in a manner that ensures both trust and accountability flow between providers and clients. The need for such a role is likely to expand into any industry where clear communication and trust-building are critical in managing breaches and maintaining competitive advantage.
READ MORE: Shadow IT squared? What Fortune 1000 CISOs really think about GenAI
To understand the need for CTrOs, you must first understand what trust actually means in its latest context.
George Gerchow, Head of Trust at MongoDB, tells The Stack he defines it as: “Extreme transparency and communication. Two ways.”
MongoDB established the Office of Trust following a public security incident in December 2023 to enhance transparency and customer confidence. Recognising the need for proactive and clear communication beyond a security audience, the role was created to demonstrate ongoing security improvements and ensure consistent, accessible updates to customers, including database administrators and site reliability engineers.
"A more outbound job..."
Gerchow, who reports to the CTO, sees it as a “more outbound” job than a typical CISO’s role. He works with customers ranging from tech to finance companies, seeking their feedback to improve the security posture of both MongoDB and its partners.
These outward-facing activities can include customer interaction, industry advocacy, and translating external requirements into actionable internal strategies. This division of responsibilities allows the CISO to concentrate on internal operations while still ensuring external engagement is prioritised.
The role is particularly important during a time of increased public and investor scrutiny in the wake of major incidents such as the Crowdstrike outage.
“The shared responsibility model isn't working,” Gerchow says. “It should be about shared action."
He highlights three attributes that should be part of a CTrO’s “DNA”. First, you need a deep understanding of the business - how it operates and functions,” he says. “Second, you must have technical expertise, both in breadth and depth. For instance, with emerging technologies like AI, people will look to me for insights on how it’s being leveraged, the associated risks, and how we can adopt AI from a security perspective to gain a competitive edge and scale effectively.
“Third, and perhaps most crucial, is having experience as a CISO or Chief Security Officer. This role requires strong evangelism skills. You need to be comfortable in uncomfortable situations, projecting confidence and strategy both externally and internally to build credibility and get buy-in across the organization and the industry.”
READ MORE: Dell’s Chief AI Officer on “creating gods” and building an enterprise stack for GenAI
Michael Smets, professor of management at the Saïd Business School, University of Oxford, tells The Stack that The rise of Chief Trust Officers is reminiscent of the emergence of other recent CxO roles, which are “all relatively new but critical roles aimed at addressing the systemic challenges of trust and ethics that technology-driven environments carry with them.”
Smets argues that these roles have one thing in common: “Whoever fills them needs to be a strong orchestrator and willing to leave behind their ‘expert’ mindset," he says. "Orchestrators - like conductors of an orchestra - excel at getting different parts of the organization to come together around a particular issue.
"Imagine if one part of the company acted in highly ethical and trustworthy ways, but another broke trust at the same time. Both trust and cyber are similar insofar as they both require an “all in”, as in “all hands”, approach. It’s the job for an orchestra, not a soloist.”
Making this jump to conducting the orchestra, rather than playing lead trumpet, is not always an easy one.
“Getting the entire organization to cohere around one of these critical issues is as difficult as it is important,” he adds. First of all, given the novelty of the role and its wide-ranging remit, CTrOs face the paradox of “having a mandate of transforming everything while having authority over nothing”, as one of my research-participants it once eloquently put.
"Whatever you do, you are likely to come up against the 'turf' of more established C-suite peers in operations, finance, technology or HR. What’s more, these leaders are all likely to be more 'expert' than the CTrO in their respective field of expertise.
"Moving from ‘expert’ to ‘orchestrator’ requires a shift in leadership from relying on deep, specialized expertise in one domain to embracing a broader role that integrates and aligns efforts across the organization to address complex, cross-functional challenges, such as trust. This is going to be especially important for CTrOs, as building trust is not something that can rest solely with a single person, team, or department. It requires alignment across the entire organisation.”
A bright future for CTrOs?
One point is clear. We will see many more Chief Trust Officers appointed throughout 2025 and beyond.
Lakshmi Hanspal, Chief Trust Officer at DigiCert, tells us the trust is becoming a "foundational business asset".
"As someone who’s had the privilege of leading global security efforts at scale at companies like SAP Ariba, Box, and Amazon, I’ve seen firsthand how trust has evolved from a compliance checkbox to a strategic imperative," she says. "The rise of Chief Trust Officers reflects this shift. In 2025, we’ll see more organizations investing in this critical role as they navigate complex regulatory landscapes, increasing cybersecurity threats, and heightened customer expectations around transparency and ethical practices."
Hanspal wants to dispel the myth that CTrOs are only "evangelists for their companies" focused on "more talk and less action".
“A Chief Trust Officer focuses on delivering trust as a foundational business asset. From securing digital experiences, to building data privacy and ethical AI as cornerstones of trusted systems, the CTrO ensures organizations align technology, security, and transparency to build lasting trust with customers, partners, and regulators. "I also want to emphasize that successful Chief Trust Officers should operate with an engineering mindset to be builders and deliver to business product and engineering teams.
"As digital ecosystems grow, the need for dedicated leadership in this space will only intensify, making the CTrO indispensable in today’s business landscape."
Nassima Auvray, Chief Trust Officer at Orange Business, sees her role as tying together the complex loose ends of a tightly woven business environment.
“In a world where businesses, governments, and individuals are becoming increasingly interconnected, trust has become a non-negotiable factor of business success," she said. "Today, organisations are navigating increasing scrutiny around how they handle data, navigate the ethical concerns around using artificial intelligence, and meet Environmental, Social, and Governance (ESG) responsibilities.
"Chief Trust Officers play a pivotal role in building and maintaining trust between an organisation and its stakeholders, whether these are customers, employees, partners or the public. We act as a steward of trust, fostering transparency, ethical behaviour and accountability in how our business operates.
"Trust is the foundation that enables innovation, drives the adoption of digital technologies, and creates the confidence needed for businesses and economies to thrive. In today’s competitive and accountability-driven landscape, having a dedicated leader to build and sustain trust is not just a strategic advantage—it is a business imperative.”
