The Digital Risk and Security team at UCOP collaborates with locations to enhance systemwide cybersecurity. The team provides services to address timely and pervasive issues such as cyber security, risk assessment, data security breaches, data leakage, identity theft and system outages across organizations of various sizes and industries, with the goal of enabling ongoing, secure and reliable operations across the enterprise. The UCOP Digital Risk and Security is seeking a Governance, Risk, and Compliance (GRC) platform to perform third-party / vendor IT risk assessments (VRM) and to manage internal IT Integrated Risk Assessments (IRM). This is intended to be made available systemwide across all ten UC campuses. The chosen platform will allow UC locations to manage workflows for different kinds of assessments, including gathering vendor questionnaires, performing risk analysis, tracking status, and reporting. For IT teams this includes administering framework-based IT assessments, analyzing IT risk and developing actionable reports. Additionally, the solution will allow sharing of vendor information with other locations via a searchable internal vendor repository and will support rollup risk reporting for location leadership and globally aggregated results to senior UC leadership. UC is in the midst of strengthening its cyber risk assessment capabilities, with the goal of delivering a scalable and adaptive assessment methodology. The selected platform will underpin the development of a systemwide assessments service, which will be managed by an in-house team. The team at UCOP will use the platform to develop and build baseline workflows and templates aligned with the cyber risk management objectives. Meanwhile, local teams at each UC location will conduct assessments independently and will manage and upload results into the platform.
