A detailed history of the Chief Information Security Officer (CISO) role, tracing its origin to Citigroup in 1995 and exploring how it evolved from a technical IT role to a strategic business function. The article examines shifts across decades, global trends, modern challenges, and how the UK has uniquely adopted and adapted the CISO title, often slower and more varied than the US. It concludes that the role remains critical but inconsistently defined, particularly in public and hybrid sectors.