Conducts risk assessments, documents identified threats, and maintains a risk register.
Assists WashU departments and schools in assessing their data for classification as defined in policy section 100.04 Data, Information, and System Classification
Advises departments and schools in the assignment of controls according to information classification.
Develops policy, standards, processes, and solutions to mitigate identified risks to an acceptable level.
Assists the CISO in developing the Information Security framework.
Works with IT, faculty, and staff to embed the framework into operations.
Monitors infrastructure and data repositories for malicious activity.
Works with the incident manager to detect and investigate security incidents.
Establishes the vulnerability management program.
Provides the WashU community with information security consulting services.