When it comes to DevSecOps, what’s the role of the CISO and who’s responsible?

"I don't own risk for the organisation.  It's my job to inform management and my peers on what I think is the right thing to do and why"