Well, when you are a CISO you also need to know your actual responsibility.
In Europe you are a normal employee with normal responsibilities and nobody sane would risk their future by going against the law. The IKEA CSO did that and was in jail.
I was asked twice to provide a statement for a US court (being European and living there). Just for the fun I asked or legal department to provide me with a full written explanation of the consequences, the risks and how much I would get paid to do something like that that is outside my contact. Everything stopped there and some poor fellow in the US did that instead.
I then asked why this isn't the legal dept that is issuing these statements in the name of the company. I got some complex explanation why they could not bear the risk.
Being a CISO means managing risks, including yours.
In Europe you are a normal employee with normal responsibilities and nobody sane would risk their future by going against the law. The IKEA CSO did that and was in jail.
I was asked twice to provide a statement for a US court (being European and living there). Just for the fun I asked or legal department to provide me with a full written explanation of the consequences, the risks and how much I would get paid to do something like that that is outside my contact. Everything stopped there and some poor fellow in the US did that instead.
I then asked why this isn't the legal dept that is issuing these statements in the name of the company. I got some complex explanation why they could not bear the risk.
Being a CISO means managing risks, including yours.