Structure and communication between IS, Risks and IT

Answer:
I am sorry but I am not sure if I have understood your question. Anyway, if we see Information Security, Risks and IT as different process, from my point of view Risks and IT give support to Information Security, I mean, Risks and IT give information to Information Security (without this information the Information Security management is not possible).

With this structure, I think that the communication between these process is easy: Information Security requests information about risks, Risks identifies information security risks and the security controls that are necessary (this information can be coordinated directly with IT), Information Security receives the information and request IT for the implementation of information security controls.

Risks and IT can also give information to others process, for example Business Continuity Management, Quality Management, etc.

By the way, maybe our online course can be intere sting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Finally, you can find in our Free Download section the white paper "Integration of Information Security, IT and Corporate Governance", that I think can be interesting for you : https://advisera.com/27001academy/free-downloads/