IT Security Officer is a key role in ITSO created for leading cybersecurity implementation on a University-wide basis, in collaboration with relevant members in ITSO, as well as Cybersecurity Coordinators from sites/departments/offices/units. While the obvious goal is to attain and maintain a healthy level of cybersecurity for the entire University, the exact roles and responsibilities of the IT Security Officer will evolve with the development of the current cybersecurity threats. Currently, the Roles and Responsibilities of IT Security Officer include:

Operational Management of Cybersecurity

• Propose updates to the Cybersecurity Policy as well as adoption of best practices as required in light of emerging threats in cybersecurity
• Take the lead and collaborate with Cybersecurity Coordinators in the implementation of cybersecurity measures including but not limited to:
  1. Maintenance of IT Resource Record
  2. Compliance to Minimum Security Standard in IT Resource Hardening
  3. Incident Reporting and Handling
  4. Promotion of Awareness and Compliance
• Assist IT resources owners and users to perform risk assessment effectively and arrive at agreeable risk classifications of IT resources

Compliance and Escalation

• Lead the compliance monitor effort for cybersecurity
• Escalate any issues arising from misclassification of risks, non-compliance as well as emerging cybersecurity threats up to VP-AB such that appropriate actions can be implemented on a University-wide level

Related Links

• Cybersecurity Policy
• Cybersecurity Incident Handling Policy
• Minimum Security Standard
• Risk Classification Examples of Common IT Resources