{"id":5827,"date":"2025-11-17T07:00:00","date_gmt":"2025-11-17T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5827"},"modified":"2025-11-17T07:00:00","modified_gmt":"2025-11-17T07:00:00","slug":"the-rise-of-the-chief-trust-officer-where-does-the-ciso-fit","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5827","title":{"rendered":"The rise of the chief trust officer: Where does the CISO fit?"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>CISOs may soon find themselves operating alongside a new colleague, the chief trust officer, as more organizations elevate trust as a business differentiator. With breaches, product safety concerns and uncertainty about AI, trust has taken a battering in the eyes of customers and prospects in recent years. It comes amid a wider erosion of trust, particularly across businesses and business leaders, according to <a href=\"https:\/\/www.edelman.com\/trust\/2025\/trust-barometer\">Edelman\u2019s<\/a> 2025 Trust Barometer.<\/p>\n<p>But that may be shifting as organizations create a flagship role that owns and oversees trust. 
To be effective, the role needs to be more than a rebrand of security and show measurable outcomes and tangible improvements.<\/p>\n<p>For CISOs, there are questions about how the chief trust officer (CTrO) role intersects with security \u2014 and could it represent their next career move?<\/p>\n<h2 class=\"wp-block-heading\">What exactly is a chief trust officer?<\/h2>\n<p>The CISO role emerged to formalize accountability for security, first within financial services and technology companies before broadening into other sectors.<\/p>\n<p>Similarly, the chief trust officer role emerged about a decade ago, led by B2B software and technology companies facing increasing scrutiny about the security of their products and platforms, according to <a href=\"https:\/\/www.forrester.com\/report\/the-emergence-of-the-chief-trust-officer\/RES178561\">Forrester<\/a>.<\/p>\n<p>Over the past decade, pressures around privacy, security, compliance, risk management, and now AI have intensified. In response, some organizations are formalizing trust by designating ownership in a single C-suite role.<\/p>\n<p>Sixteen companies have a chief trust officer, mostly software and technology vendors, including Atlassian, Salesforce, NinjaOne and SAP, with tenures ranging from six months to five to six years, according to Forrester\u2019s report.<\/p>\n<p>Gong chief trust officer Chris Peake has been in the role for about three months, after serving as Smartsheet CISO and director of trust and customer security at ServiceNow. 
He sees the role evolving from its banking and finance origins as it matures.<\/p>\n<p>\u201cI\u2019m seeing subtle differences in different roles based on what the organization needs,\u201d he says.<\/p>\n<p>Forrester describes it as taking ownership for making the firm\u2019s commitment to trust authentic and intentional.<\/p>\n<p>For Peake, the role centres on privacy, responsible data use and openness, especially around how AI models are trained and protected.<\/p>\n<p>\u201cWe have to be transparent. We have to communicate well. With AI, for example, it\u2019s what we\u2019re doing with that data. How we train our models. How it\u2019s protected. So, transparency and communication around those things are critical pillars,\u201d he says.<\/p>\n<h2 class=\"wp-block-heading\">CISO and CTrO: A model for a working partnership?<\/h2>\n<p>As customers, partners and regulators demand greater openness and assurance, those in the role say building trust \u2014 not just security \u2014 is the answer. Trust is touted as a differentiator for organizations looking to strengthen customer confidence and find a competitive advantage. Trust cuts across security, privacy, compliance, ethics, customer assurance, and internal culture. For the custodians of trust, that\u2019s a wide-ranging remit without the obvious definition of other C-suite roles.<\/p>\n<p>Typically, the CISO continues to own controls and protection, while the CTrO broadens the remit to reputation, ethics, and customer confidence. Where cybersecurity reports to the CTrO, it is a way to escape IT and the competing priorities with the CIO. This partnership repositions security from \u2018department of no\u2019 to business enabler, Forrester notes.<\/p>\n<p>Vinay Patel, Zendesk\u2019s chief trust and security officer, agrees that the role aligns trust with business strategy. \u201cA CISO protects systems. The chief trust officer is really protecting confidence. 
One is safeguarding the company, and the other is safeguarding its credibility,\u201d he says.<\/p>\n<p>There\u2019s an added challenge in that the chief trust officer role owns responsibility for trust at a time when trust \u2014 and lack of it \u2014 has become a revenue and reputational issue. Patel says that strong alignment between customer trust and business strategy is critical. \u201cIf you don\u2019t have credibility in the marketplace, with your partners and customers, your business strategy is dead on arrival,\u201d he tells CSO.<\/p>\n<p>Whereas a CISO\u2019s day-to-day responsibilities include checking on the SOC, reviewing alerts, GRC, managing other security operations and board reporting, the chief trust officer role weaves customer trust throughout, says Patel.<\/p>\n<p>\u201cIt\u2019s really bringing that trust lens into the decision-making equation and challenging colleagues and partners to think in the same manner.\u201d<\/p>\n<p>Patel\u2019s dual title signals equal emphasis on platform security and managing customer data with integrity. \u201cIt wasn\u2019t just important to demonstrate that we do a good job of protecting our systems \u2026 but also amplifying the importance of earning and renewing that customer trust every day,\u201d he says.<\/p>\n<p>In Gong\u2019s model, IT and security merged into a unified Trust Office with the CISO reporting to Peake. His responsibilities extend to product security, compliance, security operations (such as incident response), and leading a team of field security colleagues who interact directly with customers.<\/p>\n<p>This partnership model helps translate complex technical assurances into business-level trust and rebuild confidence quickly during incidents through openness and empathy.<\/p>\n<p>Peake says his approach is collaborative and outward facing, positioning the trust function as a bridge between customers, sales and technical teams. 
He acts as a \u201cconduit\u201d between customer expectations and the company\u2019s security and AI practices. He\u2019s focused on creating a secure, stable and resilient platform that customers can trust, going beyond traditional security and compliance.<\/p>\n<p>\u201cIf you trust a company, you will go back to them. So, there\u2019s a clear link between business enablement and having the trust of your customers,\u201d he says.<\/p>\n<p>Peake believes the role goes beyond compliance and touches the human emotion of trust, something that\u2019s earned and maintained through actions.<\/p>\n<p>\u201cIt\u2019s built through connection with customers rather than metrics,\u201d he says.<\/p>\n<p>But how risky is it to own institutional trust? Peake acknowledges the role\u2019s pressure and visibility, saying the CTrO becomes the \u201ccustodian of honesty\u201d during crises and must act with honesty and empathy and work to rebuild trust. \u201cAs the saying goes, you earn trust in droplets and lose it in buckets. Well, you want to start earning it back right away.\u201d<\/p>\n<h2 class=\"wp-block-heading\">How do you operationalize trust and avoid empty trust signaling?<\/h2>\n<p>There is also the question of how organizations operationalize trust \u2014 and can it be measured? No off-the-shelf platform exists, so CTrOs must build their own dashboards combining customer and employee metrics to track trends and identify early signs of trust erosion.<\/p>\n<p>Organizations don\u2019t have a dedicated trust tech stack to draw on but those in the role still find useful indicators.<\/p>\n<p>Peake warns that organizations must avoid treating the title as a trend or hype \u2014 \u201cthe proof will come out in how we behave and act. 
I would stay away from trying to measure trust itself and focus on the indicators that we are trusted or not trusted\u2026 that will indicate whether our customers feel we\u2019re a trustworthy partner of theirs.\u201d<\/p>\n<p>He uses customer sentiment, confidence in the platform, and retention as reliable trust signals. \u201cIt\u2019ll show up in lagging customer sentiment or how confident customers are with the platform and whether security concerns prevent us from bringing on new customers,\u201d he says.<\/p>\n<p>Patel focusses on robust processes such as responsible AI governance and validating with external benchmarks such as ISO 42001 certification for AI trust and governance and working towards <a href=\"https:\/\/cloudsecurityalliance.org\/star\/ai\">CSA<\/a> STAR for AI. \u201cThese give customers and stakeholders a standard measure to evaluate to what degree an organization has a strong security program or a strong AI trust and governance program.\u201d<\/p>\n<p>Forrester also cautions that adopting the title without real change risks \u201ctrust theatre.\u201d Real accountability, it says, demands executive backing, aligned incentives and board oversight to turn words into measurable action.<\/p>\n<p>In some instances, organizations create a trust officer in the wake of an incident to signal to customers and the wider market they value trust. But in the rush to prove their trust credentials they need to do more than just add a new title. There are essential questions organizations need to answer, says Peake. \u201cWhat\u2019s our fundamental need to be a trustworthy organization? You need to think through what that means to customers and how you\u2019re going to bridge that gap,\u201d he says.<\/p>\n<h2 class=\"wp-block-heading\">What about the board?<\/h2>\n<p>All institutions must work to rebuild trust because higher trust levels are linked to better economic outcomes and well-being, the Edelman trust report notes. 
All organizations have a role to play and that needs to be led from the top.<\/p>\n<p>If trust is to be a foundational value of the organization, the chief trust officer role must have visibility and accountability to the board. \u201cTrust is a lens, and that lens needs to be thought about at the board level,\u201d Peake says. \u201cWe need them to hold us accountable to keeping to our values,\u201d he says.<\/p>\n<p>Most CTrOs report directly to the CEO, often overseeing security, privacy, and compliance functions, with the CISO reporting to them or alongside them, Forrester found. Positioning trust at the executive level signals that it is a strategic issue, not just a technology concern.<\/p>\n<p>Trust conversations are more strategic and better aligned with board-level priorities than security reporting, according to Patel. Framing discussions through the lens of trust helps boards connect security initiatives with business strategy.<\/p>\n<p>\u201cWhen I\u2019m communicating with the board, I\u2019m talking about things that impact customer trust\u2026 and these points help the board understand more clearly than how many vulnerabilities have been addressed or other technical facts CISOs have to find ways to translate for the board.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Is the chief trust officer the next step for CISOs?<\/h2>\n<p>Many early CTrOs were former CISOs, suggesting an evolution from security and compliance to reputation and ethics, according to Forrester. It builds on the CISO\u2019s foundation, but requires a broader focus on empathy, communication, and customer advocacy, rather than purely risk reduction.<\/p>\n<p>As organizations differentiate through trusted AI and responsible data use, the CTrO could become as common as the CISO. Peake believes trust will become foundational to business relationships, especially as AI and data governance dominate customer concerns. 
Peake calls it an \u201cevolutionary step\u201d for security leaders, saying his years of customer engagement made it a natural transition.<\/p>\n<p>\u201cI\u2019ve spent a lot of time with customers, understanding their concerns and being a broker, in a way, between what customers need and how to build security into the products that meet their requirements.\u201d<\/p>\n<p>Some CISOs may already act as de-facto trust officers, engaging with external stakeholders and leading cross-functional risk programs without a formal title. However, the title shouldn\u2019t simply rebrand the CISO role.<\/p>\n<p>Patel wants CISOs to view the chief trust officer role less as a career step and more as an opportunity for broader impact on company strategy.<\/p>\n<p>\u201cIt\u2019s a mindset shift,\u201d he says. \u201cWhen that resonates with an existing CISO, that indicates a calling.\u201d<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>CISOs may soon find themselves operating alongside a new colleague, the chief trust officer, as more organizations elevate trust as a business differentiator. With breaches, product safety concerns and uncertainty about AI, trust has taken a battering in the eyes of customers and prospects in recent years. 
It comes amid a wider erosion of trust, [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5828,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5827","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5827"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5827"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5827\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5828"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}