Ready to Be a Board Director? Here are 12 Things You Should Know

Notes From the Boardroom, vol. 1

Editor’s note:“Notes from the Boardroom” is a series of blogs from ISACA Board Chair John De Santis providing transparency, context and perspective on how the ISACA board is carrying out its governance responsibilities. 

With ISACA board nominations now open, I’d like to share a “peek behind the curtain” on what the ISACA board does and what board directors need to know and do.

This post is the first in a series that will help you better understand what we do and whether you’re interested in applying for either ISACA board leadership or a board role for another organization.

First, some background: ISACA is a significant and size-able non-profit organization with a broad scope of activities and a very professional, strictly vetted and highly qualified board. When people think of nonprofit board leadership roles, they often think of charities, where the main responsibility of a board member is either to write a big check themselves or to solicit donations. While ISACA is indeed a non-profit, it is a special kind of non-profit defined by the USA tax authorities under a ruling called 501(c) (6). This is a category reserved for business leagues, chambers of commerce, real estate boards, professional membership organizations, etc.; it is a ruling that allows these organizations to run as a hybrid form of an enterprise, collecting dues, selling or licensing products, etc., as long as it is done in a way that either benefits the membership or the industry at large.

ISACA operates as just such a hybrid organization: it is both a professional membership organization and a business. As an organization, we encourage and support our community either directly or through our chapter structure; we promote the interests of our members to industry, government and the academic community; and we advocate for our membership and the industry. As a business, we seek to help our members on their career journeys by developing, offering and continuously improving high standards for training, certifications and certificates, and we license related products and frameworks (such as CMMI and MDDAP) to enterprises and organizations that leverage the knowledge we’ve gained from developing our certifications.

Second, the ISACA board does not run the association. The board has oversight of an executive team led by the CEO that does the day-to-day work delivering value to you and to the world. Since the scope of activities that ISACA covers is both wide and deep, the association bylaws provide that the board has oversight over the executive function. This means that we need a board that is not just made up of audit, cyber or related experiences, but also knowledgeable of the journeys and domains in which our members operate, and knowledgeable and experienced in the many domains and activities outside of the career journeys many of us have taken.

So, let’s focus on a few things in the board’s scope:

1. Global strategy: With more than 180,000 members in 188 countries, “thinking global” is not just a buzzword for us—it’s fundamental to what we do. ISACA has more than 180,000 members in 188 countries. Everything we do must be done with an international mindset. Exposure to global experience among board members is highly desirable in that it provides a unique and rich perspective that would be missed if we only had board members with limited, regional experience.
2. Membership and chapters: Ultimately, ISACA exists to help our members thrive in their careers and advance trust in their organizations and industries. Our members and chapters are the heart and soul of ISACA. While our more than 225 chapters around the world are separate legal organizations, the ISACA board has oversight of the implementation of solutions at scale to help equip our chapters with the resources they need to serve our members well on a local level.
3. Budgets: Most chapter budgets that members manage are around the US$50,000 to $500,000 range (or equivalent in local currency), while some of the largest chapters manage budgets of more than $1 million. The ISACA board has oversight of a budget over 100x a typical chapter budget, with an operating expense budget that exceeds $100 million, along with oversight of treasury funds of close to an additional $100 million. With budgets and assets of such a magnitude, it’s critical we have the talent and experience to provide oversight responsibly, prudently and professionally.
4. Product development: As a provider of globally respected certifications, frameworks, training courses and more, ISACA board members are responsible for the oversight of innovation strategies, tracking market demands, new product research and development, product lifecycle management and product marketing. This area in particular is in very high demand (e.g., whoever knows anything about product management of AI and LLM-related solutions these days commands a premium), and this experience is much needed by our association and our board. It is not a domain in which many of our members have had deep experience.
5. Sales and marketing: ISACA board members must understand how to address global markets, what are best practices on selling and marketing products and services, what are best practices and metrics for sales and marketing efficiency, and how to operate uniquely in different regions. Board members must also have experience in business development and fostering strategic partnerships with other entities to help leverage and promote our own interests.
6. Advocacy: ISACA often works around the world with governments and regulators to advocate for our members and their professions. Board members need to understand the nuances involved with various government bodies, and sometimes participate in the high-level discussions to make sure ISACA is top of mind for global thought leaders and influencers.
7. Member experience: Part of serving our members well is delivering a user-friendly, seamless experience. Board directors must understand digital transformation and understand major platforms like customer management systems (CMS), new innovative learning management systems (LMS) and e-commerce systems.
8. Legal and regulatory landscape: Board members need to understand the various laws and regulations impacting our association and our members so ISACA can help navigate them judiciously and effectively. Being prepared for, experienced with and having the courage to stand up to legal challenges to defend the organization is an important qualification for a board role.
9. Profit for purpose perspective: While ISACA is a nonprofit professional association, it doesn’t mean we don’t seek to make a profit – profit margins ensure long-term viability and potential further investment in your success. Balancing mission with margin is a critical part of the job so we can continue to invest in you. Financial discipline, tracking and rewarding good financial performance, as well as providing oversight and control of capital investments, is essential to keeping the association thriving and solvent.
10. B2C, B2B and channel marketing perspectives: ISACA serves both individual members as well as enterprise customers via CMMI, the MDDAP Voluntary Improvement Program (VIP) and enterprise training. We deliver our training through Accredited Training Organizations (ATOs) which, in effect, are a channel for our products and services. Board members must have a deep understanding of how these various business models are leveraged for delivering value to our industry and to our community.
11. Stakeholder interests: ISACA has a huge tent of stakeholders: our members, our customers, our employees, the companies and organizations our members serve, our industries, and the communities where we live and volunteer our support. The ISACA board must stand for and take a holistic view of ALL our stakeholders and how we serve each effectively.
12. Hiring and managing a CEO: Boards are directly involved in the hiring, retention, holding accountable, determining performance measures and compensation, and, sometimes, even terminating a CEO. Senior leadership experience and wisdom is essential to be able to fulfill these duties. This responsibility is not for the faint of heart or the uninitiated.

So, unlike some organizations, being on the ISACA board is not a sought-after honorific, a popularity contest or even a capstone to a successful career – it is a real job with a huge scope and a lot of responsibility. Not everyone on the board must have experience in all 12 areas spotlighted above, but they should be able to check the box on quite of few of them. We have a few standing committees on which we encourage each board member to participate, based on their experience and interests: such as, Audit and Risk, Innovation and Technology, Compensation and Human Capital, and Governance and Nominations. At last count, our board members have found they have to commit somewhere between 200 and 300 hours of their time each year they serve. It is a big commitment, and one that goes unpaid.

Do you have what it takes? Do you have the inclination to look “over the horizon” and think strategically in a collegial and collaborative forum to advance ISACA’s mission? Do you have the experience, willingness and time to commit to such an endeavor? If so, check out the nomination details here for the 2025-2026 board term.