Abstract
The Chief Information Security Officer role faces persistent effectiveness challenges despite increasing organizational investment. Through grounded theory analysis of twenty Australian CISO interviews using Gioia methodology, this research reveals a dual-fit framework explaining effectiveness variability. CISOs must simultaneously maintain organizational alignment and environmental fit. Neither alone ensures effectiveness: organizational alignment without environmental fit causes external crises; environmental mastery without organizational fit creates internal marginalization. This dual requirement generates inherent tensions between standardization and flexibility. Political capital emerges as the critical navigation mechanism. Three leadership orientations require different strategies across organizational security maturity phases. The framework challenges traditional leadership theory developed in collaborative contexts, revealing how adversarial environments require different effectiveness models and providing phase-contingent strategies for security leadership development.
Recommended Citation
Onibere, Mazino; Ahmad, Atif; and Maynard, Sean B., "The Dual-Fit Imperative: A Grounded Theory of CISO Effectiveness" (2025). WISP 2025 Proceedings. 6.
https://aisel.aisnet.org/wisp2025/6