The responsibilities of the CISO have expanded beyond the security of the enterprise to concentrate on managing the risk of the information, regardless of where it resides. This session will discuss how the CISO role has evolved into the Chief Information Risk Officer (CIRO) and the emerging yet controversial CIRO reporting structure within the organization.