The executive accountable for an organization's information security strategy, program, and risk decisions.