What Constitutes an Effective Technology and Cybersecurity Risk Program?

The author, who works in risk management at a medium to large financial institution, seeks opinions on the essential elements of an effective technology and cybersecurity risk management program. They suggest that such a program should include genuine accountability, risk reviews integrated into change management, real problem-solving, control tests related to business relevance, and dashboards that inform decision-making.