Chief information risk officers must have a keen understanding of — and interaction with — the business.Source