safeguards information by seeing that security risks are identified, assessed, and accurately reported role and acting as the focal point for security compliance-related activities and responsibilities. KEY values. Must be able to transform the business's IT-risk-based needs and restrictions into technical control comprehensive enterprise information security and IT risk management program to ensure that information assets with the business units to facilitate risk assessment and risk management processes. Work closely with