Chief information security officer is not a new title — but the job is changing.
A chief information security officer (CISO) is a senior-level executive who oversees the security of an organization’s information, cyber and technology, according to AI infrastructure provider Cisco.
However, the job now includes overseeing AI governance, AI risk and AI policy.
Ninety-six percent of CISOs reported they are now responsible for AI governance, risk management and policy at their organizations, according to “The CISO Report 2026: From risk to resilience in the AI era,” conducted by Splunk, a Cisco company. The report is based on a survey of 650 CISOs worldwide.
The report also found that 79% of CISOs said their roles have become significantly more complex.

Changing role
Before AI, the role of the CISO was back-end security compliance and incident response, Jay Thurston, field CISO at technology provider Thales, told FinAi News.
“Today, it’s all about [owning] consumer trust,” he said. That includes managing identity, data, data risk, AI risk and user experience.
Stephen McMaster, recently appointed CISO at Western Alliance Bank, agreed.

“Cybersecurity today is no longer about perimeter defense. It’s about resilience, identity, data protection and speed of response,” Stephen McMaster, CISO at Western Alliance Bank, told FinAi News.
AI-driven threats
The role of the CISO has evolved as threats have evolved.
“AI has fundamentally changed both the threat landscape and how we defend against it,” McMaster said.
Just as financial institutions are using AI and machine learning as defense tools and to streamline operations and improve offerings, the technology has also introduced AI-enabled threats, Five Star Bank CISO Scott Bader said in a message to the $6 billion bank’s clients.
According to Bader, those threats include:
- Deepfakes, fraudsters using AI to mimic voices and create impersonation scams;
- Phishing, using AI to craft convincing emails and text messages pushing consumers to reveal sensitive information;
- Real-time payment fraud, using AI in instant payment schemes, making it harder to detect and stop transaction fraud; and
- Social engineering at scale, in which AI is used to impersonate executives, manipulating employees and leading to organization breaches.
Cybersecurity today
To proactively fight these threats, FIs are adapting.
“Threat actors are more sophisticated, increasingly AI-enabled and operating at machine speed,” Western Alliance Bank’s McMaster said. “Our strategy has to be just as adaptive and intelligence-driven.”
The $90 billion bank has five pillars to fight AI-driven fraud:
- Secure by design. Embed security early in technology decisions.
- Cyber defense. Prioritize faster detection and response time using automation and advanced analytics.
- Human defense. Emphasize behavior-based, role-specific education to monitor for attacks.
- Third-party security. Strengthen governance, monitoring and controls with partners.
- Identity access and data. Strong authentication, least-privilege access and clear data visibility are foundational.
Five Star Bank has also invested in AI–powered security tools to detect and block threats in real time, according to the message to clients.
Investing in human intelligence
Monitoring the threat is imperative, and technology plays a role, but without the right people and training in place, it can’t be as effective.
“AI security skills have become one of the most in-demand competencies for entire organizations — not just the CISO,” Andy Schmidt, vice president and global industry lead for banking, at technology and professional services company CGI, told FinAi News.
Technology is not expected to replace security analyst jobs, instead CISOs are investing in a skilled workforce, according to the Splunk report.
“The executive role specifically is becoming more dependent on talent strategy, with institutions valuing specialists who can understand not only how AI systems can be attacked and secured, but also how AI can be used to preserve and protect critical systems and data,” Schmidt said.
New CISO appointments
The role of CISO is evolving and in demand, and several institutions have recently appointed CISOs to take on their security and AI governance efforts. These financial institutions appointed new CISOs in February:
- Envestnet named Rich Friedberg;
- First Horizon selected Leilani Farol; and
- SMBC Americas appointed Donna Hart.
Register here for the FinAi Lending Summit, set for Oct. 7-8 in Las Vegas.






