The Evolving Role of the CISO: Safeguarding Our Financial Future and Technological Edge

In celebrating Cybersecurity Awareness Month this October, it’s important we recognize the quickly evolving role of Security in finance and accounting. The role of the Chief Information Security Officer (CISO) has transformed from a purely technical function into a core component of business strategy.

As cyber threats become more sophisticated and regulations grow stricter, the CISO is now a key leader in protecting a company's financial health and competitive advantage.

To understand this critical connection between cybersecurity, financial integrity, and technology leadership, we sat down with BlackLine’s CISO, Jill Knesek. This discussion offers a look into how a modern security program becomes a powerful business enabler.

The CISO’s influence has expanded into the boardroom, where security is a critical part of executive-level discussions. According to Jill, this requires a new kind of communication. "It's important to be in those conversations, have good communication skills, and be able to articulate cyber risk at a level that non-technical people can understand," she explains.

This means moving away from technical jargon and what she calls "FUD"—fear, uncertainty, and doubt. Instead, the CISO’s focus should be on clear, specific conversations about actual business risk. "By just providing all of the security capabilities and functionalities in a risk-based posture, it really sets the scene and makes it a conversation that I can have with the executives and the board in a deeper way," Jill notes.

This approach is vital for justifying the return on investment (ROI) for cybersecurity. When security initiatives are framed within the context of risk reduction, the value becomes clear. Jill uses a risk matrix to show the board where investments are being made and how they lower the company's risk exposure, translating technical controls into tangible financial outcomes.

Finance and accounting departments are the heart of any enterprise, making them prime targets for cyberattacks. The most significant threat continues to be social engineering scams directed at employees. "They will usually target them...because they know there's a lot of access and opportunity to get valuable data," Jill states.

To counter this, BlackLine employs a robust phishing simulation program that trains employees to be the first line of defense. "I find that it has a lot of valuable returns when you start training the employees to be your first line of defense," Jill says. This proactive training, combined with technical controls like data loss prevention and advanced email filtering, creates a multi-layered defense to protect sensitive financial data from threats like invoice fraud.

With new regulations like the SEC’s cyber disclosure rules, and global frameworks like GDPR and DORA, compliance has become a central responsibility for the CISO. This has increased the pressure to report incidents quickly and transparently. "It also requires us to...be reacting much more quickly and make sure we have the ability to monitor and observe any kind of unusual activity," says Jill.

A mature Governance, Risk, and Compliance (GRC) program is essential. At BlackLine, a dedicated team ensures the company meets strict global requirements. This involves obtaining and maintaining key third-party certifications.

Jill proudly mentions, "We just obtained our ISO 42001, which is the AI management system framework and certification that demonstrates that we've got all the right controls and policies, and practices in place for implementation of AI." These certifications are not just about compliance; they are a differentiator that builds customer trust.

Modern business operations rely on a vast network of third-party vendors and deep integrations with customer ERP systems like SAP, Oracle, and NetSuite. This interconnectedness introduces significant supply chain risk.

BlackLine’s strategy is built with a "security by design, privacy by design" philosophy. "It starts at the very, very low level," Jill explains. The security team is embedded into the software development life cycle from the ideation stage, ensuring security is built in, not bolted on.

For third-party vendors, a rigorous risk management program is key. BlackLine assesses a vendor’s security posture well before they are brought on board. Jill emphasizes the importance of partnership: "I'm very keen on identifying vendors, especially critical vendors, as partners...Are you going to be there on my bad days?" This approach ensures every link in the supply chain upholds the same high security standards.

Artificial intelligence represents a monumental shift in technology. It offers powerful new tools for both attackers and defenders. "It does concern me because there are so many 'unknown unknowns'," Jill admits. However, she also sees its immense potential for security.

AI helps security engineers become more efficient by using natural language processing to build rules and analyze vast amounts of data to identify trends and patterns. "It's like anything, it's the double-edged sword," she says. "We just need to make sure and leverage whatever capabilities it offers...to make sure we stay ahead."

Ultimately, a strong security program is a powerful differentiator that builds customer confidence. BlackLine leads with cybersecurity, proactively sharing its security and compliance story with prospects.

"If you look at our landscape for security certifications, privacy certifications, and now AI certifications, we really are head and shoulders above our competition," Jill states. This commitment, demonstrated through third-party audits and a proactive culture, gives customers—and their own CISOs and CFOs—the confidence to entrust BlackLine with their most sensitive financial data.

The CISO's role is no longer confined to the server room. It is a strategic function at the intersection of technology, finance, and business growth, essential for safeguarding the modern enterprise. Interested in learning more about how BlackLine commits to protecting your financial information at all costs? Check out our Security Certificates.