Manager — Xiso

Below is a template you can adapt for your organization.

Report: Role & Effectiveness of the XISO Manager
Prepared For: Senior Management / Information Security Steering Committee
Date: [Current Date]
Report ID: GRC-XISO-2026-01
Prepared By: [Your Name/Role]

1. Executive Summary

The XISO Manager (eXtended Information Security Officer) serves as the critical bridge between the CISO's strategic vision and the business units' day‑to‑day operations. This role goes beyond a traditional ISO by embedding security practices directly into product development, IT service management, and compliance workflows.

| KPI | Target | Measurement Frequency |
|-----|--------|----------------------|
| % of local risk assessments updated on time | ≥ 95% | Monthly |
| Average closure time for internal audit findings | ≤ 15 days | Quarterly |
| Number of non‑conformities per department in surveillance audits | ≤ 2 | Per audit cycle |
| Completion rate of function‑specific security awareness | 100% | Quarterly |
| XISO response time to control evidence requests | ≤ 4 business hours | Weekly |

Based on a typical assessment of an organization implementing an XISO model:

| Role | Name | Signature | Date |
|------|------|-----------|------|
| CISO | | | |
| GRC Director | | | |
| Chair, Security Steering Committee | | | |