We wound up with 2 Information Security Officers. The manager of our I.T. Department is the ISO for I.T. related information. I am the ISO for physical data and procedures. We collaborate on our Risk Assessment, policy updates, board reporting, training, etc.
Basically, it's rare to find one person who can cover all of Information Security. Since so much of it is I.T. related, you need someone well versed in technology issues. However, you also need someone who is familiar with all of the OTHER processes in the bank as well as all of the regulatory requirements and developments.
_________________________
CRCM,CAMS
Regulations are a poor substitute for ethics.
Just sayin'