UnixTime

Research Note

Template - Information Security Role Definition

Use this for roles with significant information security responsibilities, such as system owner, asset owner, administrator, incident manager, vendor owner, or risk owner.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this for roles with significant information security responsibilities, such as system owner, asset owner, administrator, incident manager, vendor owner, or risk owner.

Role Title:
Department / Function:
Role Holder:
Manager:
Effective Date:
Version:
1. Purpose of Role
Describe the role's purpose in relation to information security.
2. Information Security Responsibilities
The role is responsible for:
- [Responsibility 1]
- [Responsibility 2]
- [Responsibility 3]
3. Information Security Accountabilities
The role is accountable for:
- [Outcome 1]
- [Outcome 2]
4. Authority
The role is authorized to:
- Approve [type of decision]
- Escalate [type of issue]
- Access [systems/information]
- Accept or recommend [risk/exception], where applicable
5. Required Policies and Procedures
The role must comply with:
- Information Security Policy
- Access Control Policy
- Incident Management Procedure
- [Other relevant documents]
6. Required Training
The role must complete:
- General security awareness
- Role-specific training
- Privileged access training, if applicable
- Incident response training, if applicable
7. Delegation
Responsibilities may be delegated only when:
- the delegate is competent;
- authority is clear;
- records are maintained;
- the role holder verifies completion.
Accountability remains with the role holder unless formally reassigned.
8. Review
This role definition shall be reviewed:
- at planned intervals;
- when the role changes;
- after significant changes to systems, processes, risks, or policies.
Acknowledgement:
Role Holder Name:
Signature / Approval:
Date:
Manager Name:
Signature / Approval:
Date:
  • Template
  • Roles
  • A5 2

Note Metadata

Aliases: Information Security Role Definition

Source: 90 Templates/Information Security Role Definition.md