Joanna Lyn Grama, JD, CISSP

Joanna has more than 20 years of experience with a strong focus in law, higher education, information security, and data privacy. Joanna's passion for designing effective, standards-based, and end-user focused organizational information security policy frameworks helps organizations successfully evolve their information security program risk and compliance functions. Joanna is skilled at helping all technology users understand complicated information security and privacy concepts.

A former member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, Joanna is a frequent author and regular speaker on information security and privacy topics. She is also a board member for the Central Indiana chapter of the Information Systems Audit and Control Association (ISACA); and a member of the International Association for Privacy Professionals (IAPP), the American Bar Association, Section of Science and Technology Law (Information Security Committee), and the Indiana State Bar Association (Written Publications Committee). She has earned the CISSP, CIPT, CDPSE, CRISC, and GSTRT certifications. The third edition of Joanna’s textbook, LEGAL ISSUES IN INFORMATION SECURITY, was published in 2020.

Before joining Vantage, Joanna was Director of Cybersecurity and IT Governance, Risk and Compliance programs at EDUCAUSE where she directed programs designed to help improve higher education information security governance, compliance, data protection, and privacy postures. Before her EDUCAUSE experience, Joanna worked in the IT group at Purdue University as the Information Security Policy & Compliance Director. Joanna graduated from the University of Illinois College of Law with honors and practiced law before joining the Purdue staff. Her undergraduate degree is from the University of Minnesota-Twin Cities.