The Director-General of the Government Communications Security Bureau (GCSB) acts as the GCISO, and the NCSC provides support to this role.
The Government Chief Information Security Officer:
- is responsible for the strategic direction and prioritisation of the New Zealand Government’s approach to information security,
- uplifts the cyber resilience of the public service through a mandate provided by Cabinet,
- is designated as the system lead for information security under the Public Service Act in 2022, and
- offers services to protect the Government's most sensitive information.
The GCISO’s mandate includes the following tasks:
- identifying systemic risks and vulnerabilities, and providing guidance to help manage them,
- providing accreditation and assurance of highly sensitive systems,
- providing high-grade encryption products and support to government agencies and selected commercial entities,
- setting information security standards through the development and maintenance of the New Zealand Information Security Manual (NZISM),
- collaborating and coordinating with other digital and data government leads – the Government Chief Digital Officer, Government Chief Data Steward, and Government Protective Security Lead – to support the secure digitisation of government,
- carrying out assurance activities and developing cyber security frameworks,
- providing investment advice to Treasury, and
- working with ICT supply chain vendors – alongside the Government Chief Digital Officer – to ensure mandated digital technology and programmes are secure by design.
New Zealand Information Security Manual (NZISM) External Link