Skip to content

Governance, Risk and Compliance (GRC) evaluates and communicates risk, and advises on “where the line is” as it pertains to compliance, standards, policy, and other requirements set by the university.

We provide university administration, faculty, and staff with an understanding of their posture to enable more informed decisions. Ultimately, final decisions as to risk and risk accepatance are up to authorized university leadership.

If you are unsure who can officially accept certain risks, what the applicable processes look like, who the data stewards for certain data types are, or who the risk holder might be for an existing gap, GRC can help.

Services Available

If you are working with university data, one way to begin is to review the way that data is classified and to take a data classification survey

Reach Our Team

Email and include the service you are inquiring about in the subject line.

Team Members

  • Sandra Thompson, Assistant Director
  • Larry Dunham, Digital Risk Officer
  • Mark Baldwin, Senior Cybersecurity Engineer
  • Josh Erenberg, Cybersecurity Risk Analyst
  • Jesse Marsh, Cybersecurity Risk Analyst
  • Zane Budnovich, Cybersecurity Risk Analyst
  • Dan Ogwal, Cybersecurity Risk Analyst