CISO jobs are growing and will continue to grow. In the aftermath of the subprime and consumer credit crises, firms will face more scrutiny over their information handling methods and procedures. When senior executives dodged responsibility for corporate fraud by asserting that they had no idea it was going on, Congress responded by enacting Sarbanes Oxley to force senior executives to personally attest that they do know what is going on with their financial reporting systems. This time around, some executives will try to dodge responsibility for making bad loans by claiming that their information wasn't accurate. Congress will enact legislation forcing them to attest that they know exactly how information is protected in their firms.
It will be a paradise for forensic auditors and senior information security executives. Firms cannot simply say, "we use firewalls and run anti-virus so our security program is complete and effective." There is much more to it than that.