CISO
E1. Maritime security, geopolitics and risk
Definition
Chief Information Security Officer overseeing IT/OT cyber governance.
The Chief Information Security Officer is the senior executive accountable for an organization’s information and cyber security strategy, covering both shore IT and shipboard operational technology in a shipping company. The role typically owns the risk register, the security policy set, incident response, and reporting to the board. In maritime governance the CISO’s mandate intersects the Designated Person Ashore and the Company Security Officer, because IMO Resolution MSC.428(98) folds cyber risk into the ISM Code safety management system rather than treating it as a separate IT function. ISO/IEC 27001 anchors the management-system approach the CISO usually adopts.
Source: ISO/IEC 27001:2022 Information security management systems; IMO Resolution MSC.428(98), 16 June 2017