Unit Information Security Lead (UISL) Job Description - Short

Definition: 

A Unit Information Security Lead is the person(s) designated by a Unit Head as responsible for ensuring execution of information security activities within the Unit. Full definition

The UISL doesn’t need to be a technical person (though they can be). The role is responsible for ensuring that information security is implemented in the Unit, not necessarily for performing the work. For IT Client Services-supported Units, the UISL is expected to partner with ITCS in areas requiring technical support. This means that some UISLs will primarily have a coordination role, while more technical UISLs will likely be directly involved in implementation. Where a UISL falls on this spectrum will affect the direct workload associated with the role.

Below is a summary of key tasks and time commitment associated with this role. A more complete description and list of responsibilities is available here: UISL “Job Description”.

Initial Tasks

approx. 8-16 hours

  • Review Unit information security metrics in the Unit Information Security Metrics Dashboard
  • Review Unit assets, registrations, and Security Contacts in NetReg
  • Complete a high-level IS-3 Unit self assessment and review results with the Unit Head

Ongoing Tasks

5-10% FTE

  • Annual review of initial tasks, above
  • Ensure Unit compliance with MSSND, MSSEI, and UC Minimum Security Standards
  • Ongoing liaison role with Unit Head and ISO
  • Development and annual review of a Unit security plan
  • Review and update Unit-managed access rights at least annually
  • Work with Procurement to ensure proper data security contract language for Suppliers
  • Work with HR to ensure consistent HR security processes and procedures are in place
  • Report potential security incidents and ensure security notices from ISO are addressed
  • Maintain active membership in UCB-Security mailing list and ISWorkgroup

Time Estimate Notes

  • Time estimates do not include security-related work already being done by the unit.
  • Initial Tasks may take longer for large, complex units; IT Service Providers; and units with significant P4 or A4 assets or external compliance obligations. 
  • Ongoing Tasks: Workload will likely be in spurts, not constant throughout the year.

UISL Resources