The role of the CISO is evolving to become the CIRO (Chief Information Risk Officer) to better align information security with business objectives. Drivers for this change include the growing importance of information to businesses and increased expectations from boards. To become a CIRO, one must adopt a risk-based approach, demonstrate business acumen, and have strong communication and leadership skills. The CIRO role oversees a broader set of functions beyond security to holistically manage information risk across the enterprise.