The rise of the chief trust officer: Where does the CISO fit?

CISOs may soon find themselves operating alongside a new colleague, the chief trust officer, as more organizations elevate trust as a business differentiator. With breaches, product safety concerns and uncertainty about AI, trust has taken a battering in the eyes of customers and prospects in recent years. It comes amid a wider erosion of trust, particularly across businesses and business leaders, according to Edelman’s 2025 Trust Barometer.

But that may be shifting as organizations create a flagship role that owns and oversees trust. To be effective, the role needs to be more than a rebrand of security and show measurable outcomes and tangible improvements.

For CISOs, there are questions about how the chief trust officer (CTrO) role intersects with security, and whether it could represent their next career move.

What exactly is a chief trust officer?

The CISO role emerged to formalize accountability for security, first within financial services and technology companies before broadening into other sectors.

Similarly, the chief trust officer role emerged about a decade ago, led by B2B software and technology companies facing increasing scrutiny about the security of their products and platforms, according to Forrester.

Over the past decade, pressures around privacy, security, compliance, risk management, and now AI have intensified. In response, some organizations are formalizing trust by designating ownership in a single C-suite role.

Sixteen companies have a chief trust officer, mostly software and technology vendors, including Atlassian, Salesforce, NinjaOne and SAP, with tenures ranging from six months to five to six years, according to Forrester’s report.

Gong chief trust officer Chris Peake has been in the role for about three months, after serving as Smartsheet CISO and director of trust and customer security at ServiceNow. He sees the role evolving from its banking and finance origins as it matures.

“I’m seeing subtle differences in different roles based on what the organization needs,” he says.

Forrester describes it as taking ownership for making the firm’s commitment to trust authentic and intentional.

For Peake, the role centres on privacy, responsible data use and openness, especially around how AI models are trained and protected.

“We have to be transparent. We have to communicate well. With AI, for example, it’s what we’re doing with that data. How we train our models. How it’s protected. So, transparency and communication around those things are critical pillars,” he says.

CISO and CTrO: A model for a working partnership?

As customers, partners and regulators demand greater openness and assurance, those in the role say building trust — not just security — is the answer. Trust is touted as a differentiator for organizations looking to strengthen customer confidence and find a competitive advantage. Trust cuts across security, privacy, compliance, ethics, customer assurance, and internal culture. For the custodians of trust, that’s a wide-ranging remit without the obvious definition of other C-suite roles.

Typically, the CISO continues to own controls and protection, while the CTrO broadens the remit to reputation, ethics, and customer confidence. Where cybersecurity reports to the CTrO, the arrangement is a way for security to escape IT and the competing priorities with the CIO. This partnership repositions security from ‘department of no’ to business enabler, Forrester notes.

Vinay Patel, Zendesk’s chief trust and security officer, agrees that the role aligns trust with business strategy. “A CISO protects systems. The chief trust officer is really protecting confidence. One is safeguarding the company, and the other is safeguarding its credibility,” he says.

There’s an added challenge in that the chief trust officer role owns responsibility for trust at a time when trust — and lack of it — has become a revenue and reputational issue. Patel says that strong alignment between customer trust and business strategy is critical. “If you don’t have credibility in the marketplace, with your partners and customers, your business strategy is dead on arrival,” he tells CSO.

Whereas a CISO’s day-to-day responsibilities include checking on the SOC, reviewing alerts, GRC, managing other security operations and board reporting, the chief trust officer role weaves customer trust throughout, says Patel.

“It’s really bringing that trust lens into the decision-making equation and challenging colleagues and partners to think in the same manner.”

Patel’s dual title signals equal emphasis on platform security and managing customer data with integrity. “It wasn’t just important to demonstrate that we do a good job of protecting our systems … but also amplifying the importance of earning and renewing that customer trust every day,” he says.

In Gong’s model, IT and security merged into a unified Trust Office with the CISO reporting to Peake. His responsibilities extend to product security, compliance, security operations (such as incident response), and leading a team of field security colleagues who interact directly with customers.

This partnership model helps translate complex technical assurances into business-level trust and rebuild confidence quickly during incidents through openness and empathy.

Peake says his approach is collaborative and outward facing, positioning the trust function as a bridge between customers, sales and technical teams. He acts as a “conduit” between customer expectations and the company’s security and AI practices. He’s focused on creating a secure, stable and resilient platform that customers can trust, going beyond traditional security and compliance.

“If you trust a company, you will go back to them. So, there’s a clear link between business enablement and having the trust of your customers,” he says.

Peake believes the role goes beyond compliance and touches the human emotion of trust, something that’s earned and maintained through actions.

“It’s built through connection with customers rather than metrics,” he says.

But how risky is it to own institutional trust? Peake acknowledges the role’s pressure and visibility, saying the CTrO becomes the “custodian of honesty” during crises and must act with honesty and empathy and work to rebuild trust. “As the saying goes, you earn trust in droplets and lose it in buckets. Well, you want to start earning it back right away.”

How do you operationalize trust and avoid empty trust signaling?

There is also the question of how organizations operationalize trust, and whether it can be measured. No off-the-shelf platform exists, so CTrOs must build their own dashboards combining customer and employee metrics to track trends and identify early signs of trust erosion.

Organizations don’t have a dedicated trust tech stack to draw on but those in the role still find useful indicators.

Peake warns that organizations must avoid treating the title as a trend or hype — “the proof will come out in how we behave and act. I would stay away from trying to measure trust itself and focus on the indicators that we are trusted or not trusted… that will indicate whether our customers feel we’re a trustworthy partner of theirs.”

He uses customer sentiment, confidence in the platform, and retention as reliable trust signals. “It’ll show up in lagging customer sentiment or how confident customers are with the platform and whether security concerns prevent us from bringing on new customers,” he says.

Patel focusses on robust processes such as responsible AI governance and validating with external benchmarks such as ISO 42001 certification for AI trust and governance and working towards CSA STAR for AI. “These give customers and stakeholders a standard measure to evaluate to what degree an organization has a strong security program or a strong AI trust and governance program.”

Forrester also cautions that adopting the title without real change risks “trust theatre.” Real accountability, it says, demands executive backing, aligned incentives and board oversight to turn words into measurable action.

In some instances, organizations create a trust officer in the wake of an incident to signal to customers and the wider market they value trust. But in the rush to prove their trust credentials they need to do more than just add a new title. There are essential questions organizations need to answer, says Peake. “What’s our fundamental need to be a trustworthy organization? You need to think through what that means to customers and how you’re going to bridge that gap,” he says.

What about the board?

All institutions must work to rebuild trust because higher trust levels are linked to better economic outcomes and well-being, the Edelman trust report notes. All organizations have a role to play and that needs to be led from the top.

If trust is to be a foundational value of the organization, the chief trust officer role must have visibility and accountability to the board. “Trust is a lens, and that lens needs to be thought about at the board level,” Peake says. “We need them to hold us accountable to keeping to our values,” he says.

Most CTrOs report directly to the CEO, often overseeing security, privacy, and compliance functions, with the CISO reporting to them or alongside them, Forrester found. Positioning trust at the executive level signals that it is a strategic issue, not just a technology concern.

Trust conversations are more strategic and better aligned with board-level priorities than security reporting, according to Patel. Framing discussions through the lens of trust helps boards connect security initiatives with business strategy.

“When I’m communicating with the board, I’m talking about things that impact customer trust… and these points help the board understand more clearly than how many vulnerabilities have been addressed or other technical facts CISOs have to find ways to translate for the board.”

Is the chief trust officer the next step for CISOs?

Many early CTrOs were former CISOs, suggesting an evolution from security and compliance to reputation and ethics, according to Forrester. It builds on the CISO’s foundation, but requires a broader focus on empathy, communication, and customer advocacy, rather than purely risk reduction.

As organizations differentiate through trusted AI and responsible data use, the CTrO could become as common as the CISO. Peake believes trust will become foundational to business relationships, especially as AI and data governance dominate customer concerns. Peake calls it an “evolutionary step” for security leaders, saying his years of customer engagement made it a natural transition.

“I’ve spent a lot of time with customers, understanding their concerns and being a broker, in a way, between what customers need and how to build security into the products that meet their requirements.”

Some CISOs may already act as de facto trust officers, engaging with external stakeholders and leading cross-functional risk programs without a formal title. However, the title shouldn’t simply rebrand the CISO role.

Patel wants CISOs to view the chief trust officer role less as a career step and more as an opportunity for broader impact on company strategy.

“It’s a mindset shift,” he says. “When that resonates with an existing CISO, that indicates a calling.”
