It looks like CISA should employ a CISA.

https://www.cisa.gov/

https://www.isaca.org/credentialing/cisa