They’ve dissolved it into a bunch of less visible and more scattered positions reporting to assorted business units; probably for reasons that their PR flacks would suggest stem from a pervasive focus on security; rather than the fact that nobody in charge of providing a bird’s eye view of what they do could stay on message.
And I suspect that the flack is spinning but not wholly lying: Facebook has nothing to gain from being insecure in the Yahoo sense of the term; so they probably do have a fair amount of locally focused effort ensuring that their numerous systems aren’t getting hacked horribly all the time; and that, while violations of norms and regulations may occur, what happens to Facebook’s data on Facebook’s systems is according to their design.
They just don’t want a C-level who has to deliver the “our engineers work tirelessly to ensure that all violations of your privacy, and boy that’s quite a list, are delivered to Facebook customers rather than kiddies with SQL to inject” summary.
