The Information Security Officer (often abbreviated ISO or ISB in German-speaking organizations) is the central role for information security. The officer coordinates the setup and operation of the ISMS, advises top management, and monitors the implementation of security controls. ISO 27001 does not prescribe the role by name but requires that responsibilities are clearly assigned. In practice, a dedicated officer is standard at most certified organizations. The role should be positioned to ensure independence — ideally with a direct reporting line to top management. Ongoing professional development in current threat landscapes and regulatory developments is a fundamental requirement.