The changing role of the CISO - Operator, Supervisor or Controller

Security is led by a Chief Security Officer (CISO) in regulated companies. Banks have adopted the three lines of defense model to ensure there are clear responsibilities and accountabilities around key leadership roles such as Risk and Security. This, however, does not mean that the role a CISO has to adopt is completely formalized. There is room for them to be Operators, Supervisors, or Controllers. Choosing the right archetype aligned to company culture can help their company succeed or result in a very short career for them.