CISO/Security Team roles and functions

["WALI" <hkhasgiwale () gmail com>]

I am facing a related issue of roles and job responsibilities. Security 
Analyst though reports to a non-IT Executive VP role but so does, a database 
administrator, a software quality assurance personnel and IT manager(s).

Is this a correct organisational structure?
Can DB Admin and QA function be made reporting to Security Analyst?
If this senior security analyst has to hire a few helping hands, what are 
the usual 'job titles'?

It's still a one man shop being asked to expand into a department. If 
security analyst has to ask for a change in the job title in the expanded 
scheme of things but is still not ready for 'CSO / CISO yet', would IT 
security architect, IT security engineer be more appropriate?