The SIRO should be a member of the Trust Board, or hold an equivalent executive-level position within NHSS/NHS organisations without Boards, and is responsible for ensuring that organisational information risk is properly identified and managed and that appropriate assurance mechanisms exist.
NHSS SIRO: http://www.informationgovernance.scot.nhs.uk/wp-content/uploads/2016/03/IS-Policy-Framework.pdf
NHS SIRO: http://systems.digital.nhs.uk/infogov/security/risk