In the past few years, the siloed IT security role has rapidly added to its responsibilities and transformed itself into the cross-functional information risk management role. This has left many firms scrambling to structure their security and risk organizations properly and effectively. Meanwhile, the tough economic climate poses another challenge, to do more with less. This presentation identifies the expanding security responsibilities and provides advice to deal with the economic uncertainty.