Chief information security officers have the business savvy and technical know-how to be chief information risk officer. Intel Chief Information Security and Privacy Officer Malcom Harkins: “It’s part of my role” CISOs should be a major player in helping the state assess risk, but others should bear responsibility for managing risk. CISOs will need to deal with these tensions, as well as others, in order to carry out their increased responsibilities successfully, says Chris Buse, CISO for the state of Minnesota.”]
Source: https://www.bankinfosecurity.com/blogs/should-ciso-be-chief-risk-officer-p-1549

