From EU GDPR perspective you have to assign Data Protection Officer only in the following cases (GDPR Article 37):
"(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
(b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
" GDPR
So in case you operate under GDPR the answer to your question about number of DPO would be from 0 to at least one. In case, the organization does not have to assign it, I would still suggest to make your Information Security Officer aware of these responsibilities.
Re- your questions if such a person should be knowledgeable about applicable privacy regulations - I think s/he should. The scope of regulations very much depends on company's business model and where it offers its services (e.g. .Cloud) but you have to understand the data privacy implications for your business.
E.g. there are some requirements in GDPR which are quite specific (records of processing activities, contracts with processors etc.) that such a person should be aware of.