All security policies are owned by the Chief Operating Officer (COO). The Security Review Team (members in Security, Engineering, and Operations) are responsible for reviewing the policies.
The Chief Operating Officer and the Security Review Team are responsible for implementing the processes and controls laid out in the security policies, and pulling in other employees as needed.
The Chief Operating Officer is responsible for reviewing and updating security policies on a quarterly basis.