The importance of IT security and the growing value of data in the business world have led to the creation of specific roles to manage and protect the organization’s information assets.

Among these roles, I’d like to highlight that of the information asset manager.

In the course of my work I often receive questions about this role, and I decided to write about it.

The role of the Information Asset Manager is crucial in ensuring that the security policies and measures dictated by the Chief Information Security Officer (CISO) are effectively implemented and maintained within the organization.

This role is essential to ensure the integrity, availability and confidentiality of the company’s information assets.

In practical terms, the asset manager is the person who purchases the equipment, software or service to which the security policy is to be applied.

  • The one who must protect the information under his responsibility

For example, the finance department needs accounting software. The asset manager therefore buys cloud software (SaaS).

Who should review access rights? You guessed it: the person responsible for information assets!


The role of the information asset manager

The Information Asset Manager acts as the custodian of the company’s data and information systems.

He or she is directly responsible for the proper functioning of each information asset, which means ensuring that all security measures are rigorously applied and respected. Specific tasks may include:

  • Implementing security policies: Apply the security guidelines established by the CISO and ensure that they are followed at all levels of the organization.
  • Asset Management: Maintain an accurate inventory of information assets and ensure that adequate security controls are in place for each asset.
  • Audit and Compliance: Carry out regular audits to verify compliance with security policies and identify potential deviations.
  • Training and Awareness: Raise staff awareness of the importance of information asset security, and train employees in appropriate security procedures.
  • Incident Management: Respond to security incidents in coordination with the CISO and other stakeholders to minimize the impact on information assets.

Who can fill this role?

The role of Information Asset Manager suits professionals with an understanding of information security and, above all, operations.

Previous experience in implementing security policies, risk management and incident response is essential. Candidates must possess excellent organizational skills, be able to work autonomously and communicate effectively with different stakeholders.


Distinction from other positions

Although he or she works in close collaboration with the CISO, the Information Asset Manager is distinguished by a focus on the practical, day-to-day application of security policies. Unlike the CISO, who is responsible for defining the overall information security strategy, the Information Asset Manager is more involved in the operational aspects of security.


Collaboration with security professionals

While the head of a department such as human resources may become responsible for a specific information asset, it’s crucial that he or she works closely with the company’s information security team.

This collaboration ensures that all security measures implemented comply with the company’s global policies, and benefit from the technical expertise of security professionals.


Who shouldn’t have this role?

Although the role of information asset manager can be extended beyond security professionals, it is important that the person in charge has a basic understanding of information security principles and is willing to collaborate with security teams.

Individuals who are reluctant to adhere to corporate security policies, who neglect the importance of data protection, or who don’t take the recommendations of security experts seriously, should not take on this role.

The role of information asset manager can indeed be assigned to individuals outside the strict domain of information security, provided they comply with the security practices and policies established by the company, and work closely with security teams to ensure the protection of the data and systems under their responsibility.

