The CISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate.
The CISO is responsible for identifying, evaluating and providing templates, cadence and quality reviews for reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives through a road map and executable plan provided to the Global CIO.
The CISO serves as the advisor to the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization.