CISO
The information systems security manager manages cybersecurity within his scope (the company as a whole if it has not appointed a Cybersecurity Director, or a functional or geographical scope, etc.). His position (in the IT department? Close to Risks?) as well as his hierarchical level (why just “manager”? Should he have access to the COMEX in the absence of a Cybersecurity Director?) are the subject of much debate. In France, the Club des Experts de la Sécurité de l’Information et du Numérique (CESIN) and the Club de la sécurité de l’information français (CLUSIF) are the two associations that represent the interests of CISOs and fuel the debate on these subjects.
One day, someone said that the CISO was “the one who eats alone in the canteen”. To which the head of internal control replied: “at least he eats…”