The Information Security Officer ISO plays an integral role in defining and assessing the organization s security strategy architecture and practices The ISO will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services The ISO must be able to translate the ITrisk requirements and constraints of the business into technical control requirements and specifications as well as develop metrics for ongoing performance measurement and reporting The ISO is involved during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined The ISO will also be responsible for working with business and IT stakeholders to balance realworld risks with business drivers such as speed agility flexibility and performance