If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.
If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.