You are the Chief Information Security Officer (CISO) of a financial institution. An audit has revealed that certain high-level employees have access to systems and data that they shouldn't. Which individual would be the MOST appropriate to determine the exact access requirements for these employees?