You can take a look at the gov’t model which has become widely accepted in many industries.
It is based on FISMA, a public statute which governs all federal IT operations.
NIST is responsible for publishing the policies and guidelines: http://csrc.nist.gov/sec-cert/
The umbrella for all IT security operations is Information Risk Management.
After that, find examples from trade magazines and other info sites regarding industries like yours who have created IT security positions like CISO, ISO, ISSO, etc.
Good luck! tg