“I think another attribute that I would think of is the risk concept of both speaking about risks. He [the
security manager] thinks of risks from a very technical nature and he understands that component
incredibly well, and I come almost from a process prospective. You put those two together and all of a
sudden stuff starts popping out. We've got this, we've got this, we've got this, and then when we look at
solutions, and it's the same thing. He's got the technical expertise, a lot of times I'm bringing in the
process side of it, and we can find figure a solution to meet those different types of risks.” — Internal
Auditor, institution C.