Chief Digital Risk Officer


Chief Digital Risk Officer

ORGANIZATION                University of Illinois System
REPORTS TO                     Avijit Ghosh, Vice President, Chief Financial Officer & Controller
LOCATION                          Urbana, IL



Established in 1867 as the public land grant university of the State of Illinois, the University of Illinois System has achieved international recognition as a center of higher learning. With universities in Urbana‐Champaign, Chicago, and Springfield, including a major health sciences center in Chicago, the U of I System’s (University’s) reach is extensive. The system (university) enrolls over 90,000 students and employs more than 29,500 (FTE) faculty and staff who contribute to the missions of teaching, research, public engagement, and economic development. Nearly 800,000 alumni hold University of Illinois degrees. The university’s FY 21 annual operating budget of $6.7 billion is made up of extensive Federal research funding, gifts from alumni and friends, and support from the people of the State of Illinois.

Here’s a link to other UI system information



The University of Illinois System is seeking a seasoned information security, risk, and governance professional to be responsible for establishing and maintaining the University of Illinois System's digital risk management (DRM) program. Digital Risk is comprised of the challenges related to continuous change and increasing complexity in the U of I System's operations, technology, and threat environments as they relate to cybersecurity, privacy, compliance, business continuity, and risk management. The CDRO will serve as the dedicated U of I System advocate for digital risk management and support the implementation of the recommendation made by the System-wide Task Force on Cybersecurity; formulate cybersecurity strategy, collaborate across U of I System to grow risk-aware culture, report metrics to executive leadership, and manage and oversee shared digital-risk services; and, add capacity for cybersecurity functions at all levels to focus on execution, operations, and organizational specific needs.


The CDRO proactively works with university and other partners through a shared governance approach to implement practices that meet agreed-upon policies and standards for digital risk. The CDRO advocates for and supports existing functions to ensure that information assets and flows are adequately protected. The CDRO also partners with existing functions to oversee assurance activities related to the availability, integrity, and confidentiality of information owned or processed by the U of I System. As a result, the CDRO understands and articulates the impact of risk on U of I System operations and communicates this to the Board of Trustees, executive leadership, and other senior stakeholders so they can balance this with their risk appetite and investment levels.

Duties and Responsibilities Include but are not limited to the following:

  • Lead the DRM practice across the U of I System to ensure consistent and high-quality digital support of the U of I System's mission.
  • Develop a digital risk vision and strategy that enables and facilitates the U of I System's objectives and ensures senior stakeholder buy-in and mandate.
  • Develop and enhance an up-to-date DRM framework based on industry-recognized standards (such as NIST) including:
  • Facilitate a digital risk governance structure through the implementation of a hierarchical governance program. Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards.
  • Provide regular reporting and metrics on the status of the digital risk program to the CFO, enterprise risk teams, senior leaders, and the Board of Trustees to guide resource allocation decisions and promote a digital risk culture.
  • Collaborate with the U of I System privacy and cybersecurity groups to provide a common set of services to allow the universities and the hospital to focus on their organizational specific needs.
  • Lead development of a rolling three-year digital risk roadmap to execute and maintain effective digital risk governance and programs.
  • Coordinate reporting of digital risk incidents and events across the System. Track digital risk incidents and events, identify trends, share information across the System, and work with stakeholders on strategies to reduce risk.
  • Provide guidance related to information flows in the digital ecosystem to ensure adherence to legal and regulatory standards.


Required Qualifications and Experience

  • Bachelor's degree in MIS, Computer Engineering, equivalent technology discipline, or related field
  • Certifications: At least one of the following: CISSP, CRISC, CISM, HCISSP, CIP/US, CIPM.
  • Demonstrated leadership as a visionary leader and advocate with sound knowledge of business management and a working knowledge of digital risk and cybersecurity technologies covering the academic, research, business, and digital environment.
  • Understanding IT as well as the overlap of technology and the physical world and oversees cybersecurity and risk management activities to support the achievement of institutional objectives.
  • Minimum of 10 years of experience in a combination of risk management, information security, and IT with at least five years in a senior leadership role.
  • Demonstrated experience with oversight of digital risk programs, in coordination with senior leadership in finance, risk, security, compliance, and key functions, preferably in a higher education environment.
  • Experience delivering timely reports to executive board-level leadership, coordinating, and leading, and partnering with governance and advisory groups and varying stakeholders and leaders at multiple levels and functions across a large enterprise environment.
  • Proven track record and experience in developing digital risk policies and procedures, as well as successfully executing programs that meet the strategic objectives.
  • Experience leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Experience working with common digital risk management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and ones from NIST.
  • Demonstrated excellent verbal and written communication skills.
  • Demonstrated customer service and stakeholder management skills.
  • Demonstrated ability to maintain high security/privacy controls when dealing with sensitive information.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as FERPA, HIPAA, GDPR, GLBA, PCI-DSS, PIPA, BIPA.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Must be a critical thinker, with strong problem-solving skills.
  • High degree of initiative, dependability, and ability to work with little supervision, while able to react and adapt to change.
  • High level of personal integrity, as well as the ability to handle confidential matters professionally, and show an appropriate level of judgment and maturity.
  • Demonstrated ability to create a strategic vision related to digital risk.
  • Experience leading in a higher education institution is preferred but not required.


To apply, please submit a cover letter and resume to no later than July 25, 2021.   

A more detailed position profile is available upon request.

The University of Illinois System conducts background checks on all job candidates upon acceptance of a contingent offer of employment. Background checks will be performed in compliance with the Fair Credit Reporting Act. The University of Illinois System requires candidates selected for hire to disclose any documented finding of sexual misconduct or sexual harassment and to authorize inquiries to current and former employers regarding findings of sexual misconduct or sexual harassment. For more information, visit

The University of Illinois System Office is an affirmative action/equal opportunity employer dedicated to building a community of excellence, equity, and diversity. The System Offices welcome applications from women, underrepresented minorities, individuals with disabilities, protected veterans, sexual minority groups and other candidates who will lead and contribute to the diversification and enrichment of ideas and perspectives.