FOUNDED 2025 · INDEPENDENT UK PRACTICE

The CISO Role, Rewritten

How the CISO mandate is changing under DORA, NIS 2, the EU AI Act and SMCR.

The CISO mandate is being rewritten by four converging forces: DORA, NIS 2, the EU AI Act and SMCR. This paper sets out the new job description, the new accountability boundary, the new reporting line, and the credentials a board should now require.

02 · Use this paper when

Scenarios where this paper earns its place on the desk.

  1. Hiring or replacing a CISO
  2. Reviewing the CISO job description and reporting line
  3. Defining CISO accountability under SMCR or board minutes
  4. Setting CISO remuneration against new regulatory exposure

03 · What you'll find inside

Artefacts and templates included with the paper.

  • Artefact: CISO job description template
  • Artefact: RACI for security accountability
  • Artefact: Board reporting cadence
  • Artefact: Succession planning checklist

AUTHOR

Paul Jolliffe

FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner

Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Independent UK practice founded 2025. Author of the InfoSecAI insights library.
