Governing Body Spotlight

Joe Suareo is an accomplished cybersecurity executive with over 30 years of experience leading security strategies across Fortune 500 companies in retail, finance, and manufacturing. As the Chief Information Security Officer at Restaurant Brands International, he oversees global cybersecurity operations for iconic brands like Burger King, Tim Hortons, Popeyes, and Firehouse Subs. Known for building high-performing teams and executing large-scale security transformations, Joe is a trusted advisor to Boards and executive leadership.

Learn more about the Chicago CISO community here.
 

Give us a brief overview of the path that led to your current role.

I began my career in IT audit, where I advanced progressively through senior leadership positions. Over time, I developed a strong foundation in global compliance, infrastructure security, and risk management. My transition into CISO roles began during an audit I was doing and the person in charge of Security left the company, and I was given the role.  

Unfortunately, that meant fixing everything I had identified for the prior two years. So, I rebuilt the cybersecurity program from the ground up. This pattern of transformation and maturity building continued through my career, where I led global initiatives and security operations. These experiences positioned me to step into my current role as CISO at Restaurant Brands International, where I now lead cybersecurity strategy for four major QSR brands. Throughout, the common thread has been leading security transformations that align technology with business risk and growth.
 

What is one of your guiding leadership principles?

"Build trust through transparency, empower through clarity." In a C-level security role, you’re constantly navigating risk, vagueness, and uncertainty. Your executive peers look to you not just for decisions, but for confidence, clarity, and integrity. In Practice, there are three keys:

• Transparency with Stakeholders: Whether communicating risk to the Audit Committee or explaining a vulnerability to a business unit, being direct and data-driven nurtures credibility.
• Clarity for Teams: When your team understands why they do what they do, and how their work contributes to organizational resilience, they become more aligned, proactive, and accountable.
• Empowerment Through Frameworks: Implementing frameworks gives your people the structure they need to execute autonomously and effectively.
   

What is the greatest challenge CISOs face today, and how are you addressing it?

The greatest challenge facing the CISO role today is balancing proactive risk reduction with accelerating digital innovation across a globally distributed enterprise—all while navigating an increasingly complex threat landscape and regulatory environment.

As digital transformation accelerates—especially in quick-service retail—CISOs must secure cloud-first architectures, support rapid app development, and protect customer data across omnichannel platforms without becoming a bottleneck. Meanwhile, cyber threats like ransomware, supply chain attacks, and state-sponsored intrusions continue to rise in volume and sophistication.
 

What is the key to success for someone just starting out as a CISO?

1. Establish Executive Credibility and Governance: A CISO must quickly become a trusted advisor to the Board, Audit Committee, and C-Suite.
2. Perform a Gap Analysis and Set a Baseline: Understanding the current maturity of the organization is foundational to building a roadmap.
3. Quick Wins and Visible Impact: Early accomplishments build trust and show momentum.
4. Build and Empower a High-Performing Team: you can’t scale transformation alone.
    

How do you measure success as a leader?

I measure success as a leader by how effectively I elevate people, mature the organization, and align security with business outcomes. It's not just about metrics, it’s about momentum, resilience, and trust.

• Team Empowerment & Growth: If my team is growing in capability, confidence, and cohesion, I know I’m doing my job. Success means building leaders, not followers—developing high-performing teams that can execute independently and thrive under pressure.
• Measurable Maturity Improvements: I track cybersecurity maturity using frameworks like NIST CSF, targeting quantifiable improvements. For instance, at both RBI and Beam Suntory, I led transformations that increased security maturity from early-stage (1.2–1.7) to advanced levels (3.15–3.5), ensuring our posture matched the business risk profile.
• Organizational Trust and Alignment: When the Board, business unit leaders, and external partners see security as a strategic enabler rather than an obstacle, that’s a sign of successful leadership. This is achieved by making risk visible, actionable, and tied to business imperatives.
• Crisis Resilience: A leader’s effectiveness shows up under pressure. I measure success by how well the organization responds to incidents—whether it's executing a tabletop exercise, navigating a real-world breach, or containing third-party risk. A smooth, coordinated response means the leadership foundation is strong.  Think of the Duck on the Pond analogy, you have to be calm and collected to everyone watching you on the pond… but your feet are moving a mile a minute under the water where no one notices.

Ultimately, success is about building systems and cultures that outlast you, while creating conditions where people feel safe to innovate—and supported when the stakes are high.
 

What is the value of being a member of Gartner C-level Communities?

Being a member since 2012, I’ve found Gartner C-Level Communities to be instrumental in refining not just my technical strategy, but my leadership mindset. It’s a place where spirited leadership is encouraged, and where collaboration becomes a catalyst for both personal and organizational growth. The value of being a member of the community lies in its unique ability to connect senior executives in a trusted, vendor-neutral environment where real-world challenges, strategic insights, and leadership experiences are shared with authenticity and purpose.
 

Gartner C-level Communities Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
 

By CISOs, For CISOs®

Join the conversation with peers in your local CISO community.