InfoSec’s primary mission is to keep risk to a manageable level. These are almost most the same but not quite. Unfortunately, the infosec are the people who occasionally need to say no… or at least “slow down.” But when push comes to shove, the IT folks will say “damn the torpedoes, full speed ahead.” Not always a good idea for security.
Sometimes instead of pushing ahead, IT chooses not to do something in order to fulfill a greater business mission. This thing could be upgrading firewalls, patching vulnerable services or fixing broken anti-virus.