Contributes to the development of organisational strategies that address information control requirements. Prepares and maintains a business strategy and plan for information security activities which addresses the evolving business risk and information control requirements, and is consistent with relevant IT and business plans, budgets, strategies etc.