The Government Chief Information Security Officer (GCISO) role is responsible for the strategic direction and prioritisation of the New Zealand Government’s approach to information security, and offers services to protect the Government's most sensitive information.
The NCSC provides support to the Government Communications Security Bureau's (GCSB) Director-General as the GCISO. Whenever the NCSC’s unique insights, relationships with international partners, and specialist technical capabilities support Government agencies, the NCSC is acting under the GCISO mandate and function.
In addition to the wider work of the NCSC, the GCISO carries out some specific tasks in service of government agencies, including:
- Identifying systemic risks and vulnerabilities, and providing guidance to help manage them;
- Ensuring classified facilities are free from interception devices or other information security vulnerabilities, and providing inspection services, accreditation, and assurance of highly sensitive systems;
- Providing high-grade encryption products and support to government agencies and selected commercial entities;
- Establishing minimum information security standards through the development and maintenance of the New Zealand Information Security Manual (NZISM);
- Collaborating and coordinating with other digital and data government leads; namely, the Government Chief Digital Officer, Government Chief Data Steward, Government Chief Privacy Officer, and Government Protective Security Lead;
- Utilising performance controls to support prioritisation of digital investment to lift information security across government;
- Providing regular reporting on the scale and location of risks across the system;
- Working with ICT supply chain vendors, alongside the Government Chief Digital Officer, to ensure mandated digital technology and programmes are secure by design.