Digital Risk Council

Introduction

Digital risk encompasses the challenges of continuous change and increasing complexity in the organization's operations, technology, and threat environments relating to cybersecurity, privacy, compliance, business continuity, ICT accessibility, and risk management. Given these challenges, it is critical that the University of Illinois System have an effective digital risk program and governance. To help address this need, the System Executive Risk Management Council (SEMRC) charged the Digital Risk Council (DRC) to address all aspects related to digital risk.

Purpose

The DRC serves in an advisory role to the Chief Digital Risk Officer (CDRO). The purpose of the DRC entails providing advice, input, and recommendations to U of I System on the following:

Digital risk needs, priorities, decision-making, and metrics

Communications, processes, procedures, and policy needed relating to digital risk

Resource investment in people, process, products, and shared services that align with current and future digital risk needs, address digital risk gaps, and enable the organization to achieve its mission

Principles

In all decisions and actions, the DRC will value these principles:

Encourage open dialog and input from our diverse community and represent all voices in making recommendations

Do not re-invent the wheel; leverage existing capabilities, governance, and collaborations to realize shared success

Understand that digital risk management and governance will mature over time, so take appropriate action now, as incremental progress is better than no progress

Utilize outcome-based governance to focus on achieving institution objectives per risk appetite that focuses on enabling people, capabilities, and opportunities through digital efforts

Be intentional, agile, and forward-thinking

Keep policies and programs simple

Structure

Representatives

Chief Information Officer
Controller
University & Hospital Information Security Officers
Senior Human Resources
University Senates Conference
Purchasing
Vice Chancellor - Research
Vice Chancellor - Student Affairs
Vice Chancellor - Academic Affairs

Advisors

University Counsel
University Audits
University Ethics & Compliance
Enterprise Risk Management
HIPAA Privacy & Security Official
Hospital Privacy Officer
ICT Accessibility

Membership

The DRC represents major functional areas across the U of I System. Membership includes representatives and advisors designated by leadership or governance/operational groups or determined based on their job title/role. Because of their job title/role, members of the DRC and those who serve as advisors will be permanent members. Members designated by leadership or governance/operational groups will serve staggered two year-terms on the DRC.

Representatives

Academic Affairs

David Chestek, UIC
Michele Gribbins, UIS
Christopher Larrison, Illinois

Chief Digital Risk Officer, Chair

Joe Barnes

Chief Information Officer

Mairéad Martin, Illinois
Matt Riley, UIC

Controller

Brent Rasmus

Human Resources

Nick Haubach, Hospital
Shari Mickey-Boggs, Illinois
Jason Kosowski, UIS
Jami Painter, System Offices
Ken Scott, UIC

Information Security Officer

Murad Dikeidek, Hospital
Kim Milford, Illinois/UIS/SO
Shefali Mookencherry, UIC

Purchasing

Brad Henson, Illinois
Jill Menezes, UIS
Aaron Rosenthal, UIC
Daniel Szajna, System Offices

Research

Michele Gribbins, UIS
Spyros Kitsiou, UIC
John Towns, Illinois

Student Affairs

Ashley Dye, Illinois
Matthew Miller, UIC
Brian Catherwood, UIS

University Senates Conference

Roy Campbell

Advisors

HIPAA Privacy and Security Official

Stefan Wahe

Hospital Privacy Officer

Margaret Pajak

ICT Accessibility

Keith Hays

University Audits

Gene Fruit

University Counsel

Mike Harte
Seth Baker

University Enterprise Risk Management

Joda Morton

University Ethics and Compliance

Melissa Mlynski

Support Staff

CDRO Administrative Assistant

Stephanie Shockey

Digital Risk Office Project Coordinator

Heather Myers