Re: CISO on its own?
For a bank, risk/security is very much a field in its own...
Contrast this with retail where the main thrust of "security" is to reduce shrinkage (vanishing inventory). I caught the facility security manager installing malware infested freeware on her computer on a regular basis. I could not get her to understand that her machine was connected to every other one on the network, including and especially those the company used to generate profits.