A stablecoin issuer’s CISO, as referred to in Paragraph SIO-9.6.7(d), is responsible for overseeing and implementing the stablecoin issuer’s cyber security program and enforcing its cyber security policy. The CISO must report to an independent risk management function or the stablecoin issuer must incorporate the responsibilities of cyber security risk into the risk management function.