Joanna Grama


Joanna Lyn Grama, JD, CISSP, CIPT, CRISC, is a Senior Principal and Partner with Vantage Technology Consulting Group. Joanna has more than 25 years of experience with a strong focus in law, higher education, information security, and data privacy. Joanna's passion for designing effective, standards-based, and end-user focused organizational information security policy frameworks helps organizations successfully evolve their information security program risk and compliance functions. Joanna is skilled at helping all technology users understand complicated information security and privacy concepts.

A former member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, Joanna is a frequent author and regular speaker on information security and privacy topics. She is also a board member for the Central Indiana chapter of the Information Systems Audit and Control Association (ISACA); and a member of the International Association for Privacy Professionals (IAPP), the American Bar Association, Section of Science and Technology Law (Information Security Committee), and the Indiana State Bar Association (Written Publications Committee). The third edition of Joanna’s textbook, LEGAL ISSUES IN INFORMATION SECURITY, was published in late 2020. In 2021, Joanna completed a fellowship with the Future of Privacy Forum, serving on their youth and education privacy team.

Before joining Vantage, Joanna was Director of Cybersecurity and IT Governance, Risk and Compliance programs at EDUCAUSE where she directed programs designed to help improve higher education information security governance, compliance, data protection, and privacy postures. Joanna graduated from the University of Illinois College of Law with honors and practiced law before beginning her career in higher education as the director of information security policy and compliance at Purdue University. Her undergraduate degree is from the University of Minnesota-Twin Cities.

EDUCAUSE Publications

  • Have You Updated Your WISP Lately?
    • Blog
    • Author

    The policy lifecycle is a tool that information security practitioners can use to ensure that its WISP and related information security policies are properly managed from conception to retirement.

EDUCAUSE Presentations