The role is very different from sector to sector and even from company to company. It all depends on the maturity and external requirements or oversight. In the financial sector - it's anchored in second line of defense - which means advisor/risk and compliance(GRC)/ with the responsible to observe and report any activities that might jeopardize the set risk appetit from the board to executive management. You report independent to the board.
