When it comes to information and cyber security the responsibility falls at several levels including the Board of Directors and Senior Management. The Board is to set the tone, provide governance, approve information security policies and designate an ISO.

Senior Management is to ensure the Information Security Program is developed and maintained. The ISO; however, is responsible for overseeing and reporting on the management and mitigation of information and cyber security risks across the institution and is to be held accountable for the results of the oversight and reporting. The ISO is also responsible for seeing that the information/cyber security program is implemented and satisfies the regulatory Interagency Guidelines for Establishing Information Security Standards (GLBA).

While once thought to be a technology function the role was typically delegated to the IT Manager or Officer but today the ISO is to be independent of IT operations and report directly to the board, board committee, or senior management.What You'll Learn:

• Regulatory expectations
• Role of the ISO
• Typical Job Description
• Independence Mitigation Suggestions
• vISO