Who in the organisation should be responsible for ensuring that the information risk management programme is developed and implemented well? Write a short answer for 5 marks.

1 answer

The Chief Information Security Officer (CISO) should be responsible for ensuring that the information risk management program is developed and implemented effectively. The CISO oversees the organization's information security strategy, collaborates with various departments to assess risks, and ensures that appropriate controls are in place. Additionally, they play a critical role in communicating the importance of information security to senior management and the board, thereby fostering a culture of risk awareness throughout the organization. Ultimately, accountability for the program's success lies with the CISO, supported by a team of information security professionals and stakeholders across the organization.