I think a chief security officer may have both a CPP and CISSP. There are approximately 55 different vendors offering security certifications. Many new certifications are coming out and outlining a few would be helpful CISSP, CISA, CISM, CFE, GIAC, ITIL, BS7799, ISO27000, certifications from OISSG, ISSA and so on and so forth.
The CISSP certification program is governed by the International Information Systems Security Certification Consortium, or (ISC)². The (ISC)² is a non-profit organization that is based in Palm Harbor, Florida. According to the (ISC)² Web site, the CISSP certification is aimed at "mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or senior security engineers". There are a couple elements of the CISSP credential that set it apart from most other vendor-neutral (or vendor-specific, for that matter) programs. For instance, to earn your CISSP you must. Subscribe to the (ISC)² Code of Ethics. Have a minimum five years of direct full-time security professional work experience in two or more of the ten domains of the information systems.