University of Illinois System

Digital Risk Council

Introduction

Digital risk encompasses the challenges of continuous change and increasing complexity in the organization's operations, technology, and threat environments relating to cybersecurity, privacy, compliance, business continuity, ICT accessibility, and risk management. Given these challenges, it is critical that the University of Illinois System have an effective digital risk program and governance. To help address this need, the System Executive Risk Management Council (SEMRC) charged the Digital Risk Council (DRC) to address all aspects related to digital risk.

Purpose

The DRC serves in an advisory role to the Chief Digital Risk Officer (CDRO). The purpose of the DRC entails providing advice, input, and recommendations to U of I System on the following:

Digital risk needs, priorities, decision-making, and metrics
Communications, processes, procedures, and policy needed relating to digital risk
Resource investment in people, process, products, and shared services that align with current and future digital risk needs, address digital risk gaps, and enable the organization to achieve its mission

Principles

In all decisions and actions, the DRC will value these principles:

Encourage open dialog and input from our diverse community and represent all voices in making recommendations
Do not re-invent the wheel; leverage existing capabilities, governance, and collaborations to realize shared success
Understand that digital risk management and governance will mature over time, so take appropriate action now, as incremental progress is better than no progress
Utilize outcome-based governance to focus on achieving institution objectives per risk appetite that focuses on enabling people, capabilities, and opportunities through digital efforts
Be intentional, agile, and forward-thinking
Keep policies and programs simple

Structure

Representatives

  • Chief Information Officer
  • Controller
  • University & Hospital Information Security Officers
  • Senior Human Resources
  • University Senates Conference
  • Purchasing
  • Vice Chancellor - Research
  • Vice Chancellor - Student Affairs
  • Vice Chancellor - Academic Affairs

Advisors

  • University Counsel
  • University Audits
  • University Ethics & Compliance
  • Enterprise Risk Management
  • HIPAA Privacy & Security Official
  • Hospital Privacy Officer
  • ICT Accessibility
Organizational structure chart

Membership

The DRC represents major functional areas across the U of I System. Membership includes representatives and advisors designated by leadership or governance/operational groups or determined based on their job title/role. Because of their job title/role, members of the DRC and those who serve as advisors will be permanent members. Members designated by leadership or governance/operational groups will serve staggered two year-terms on the DRC.

Representatives

Academic Affairs

  • David Chestek, UIC
  • Michele Gribbins, UIS
  • Carl Gunter, Illinois

Chief Digital Risk Officer, Chair

  • Joe Barnes

Chief Information Officer

  • Mairéad Martin, Illinois
  • Matt Riley, UIC

Controller

  • Brent Rasmus

Human Resources

  • Nick Haubach, Hospital
  • Shari Mickey-Boggs, Illinois
  • Jason Kosowski, UIS
  • Jami Painter, System Offices
  • Joanna Wolek, UIC

Information Security Officer

  • Murad Dikeidek, Hospital
  • Kim Milford, Illinois/UIS/SO
  • Shefali Mookencherry, UIC

Purchasing

  • Brad Henson, Illinois
  • Jill Menezes, UIS
  • Aaron Rosenthal, UIC
  • Daniel Szajna, System Offices

Research

  • Michele Gribbins, UIS
  • Spyros Kitsiou, UIC
  • John Towns, Illinois

Student Affairs

  • Ashley Dye, Illinois
  • Matthew Miller, UIC
  • Brian Catherwood, UIS

University Senates Conference

  • Roy Campbell

Advisors

HIPAA Privacy and Security Official

  • Stefan Wahe

Hospital Privacy Officer

  • Margaret Pajak

ICT Accessibility

  • Keith Hays

University Audits

  • Gene Fruit

University Counsel

  • Mike Harte
  • Seth Baker

University Enterprise Risk Management

  • Joda Morton

University Ethics and Compliance

  • Melissa Mlynski

Support Staff

CDRO Administrative Assistant

  • Stephanie Shockey

Digital Risk Office Project Coordinator

  • Heather Myers