Thankfully, most organizations now have a Chief Information Security Officer. The CISO's primary function is to stand in the gap between the business and all the IT-related risks that surround the modern-day organization. He or she may have a staff of trained security professionals, or perhaps your leader has engaged third-party service providers for many of the necessary controls. Regardless, the CISO is where 'the buck stops' when it comes to IT risk management.
If you are a senior executive or a board member, you should become friends with your CISO and engage in a plain-English conversation. Looking for a place to start? Read this paper.