Skip to main content
IT Service Status
IT Service Status

New Information Security Team Enhances University Protections

Posted Date: November 19, 2025

The Information Security Office (ISO) has established a new team to oversee security related to data risks and compliance. The Information Security Governance and Risk Management team is led by Ken Turner, associate director, and supported by two risk and compliance analysts, Feda Jarad and Cameron Williams.

The ISO has historically played a crucial role in supporting the Northwestern community by conducting third-party risk assessments and developing policies, standards, and guidance to protect University systems and institutional data. As the technology landscape has evolved, especially with the rapid growth of public cloud services, the widespread use of software-as-a-service platforms, and the increasing complexity of regulatory requirements for research and administrative data, the need for a dedicated team to oversee these functions has become evident. With this addition, the ISO now includes three coordinated teams, in addition to dedicated staff focused on the IT contracts review process.

  • Security Operations and Engineering, led by Nowell Arnold, associate director of Information Security and deputy chief information security officer, oversees threat monitoring, incident response, and infrastructure security.
  • Identity and Access Management, led by Myndi Brown, associate director of identity and access management, manages authentication, authorization, and identity lifecycle services.
  • Governance and Risk Management, led by Ken Turner, associate director of information technology planning, extends the office’s ability to support the University in navigating regulatory obligations and technology risks.

The new Governance and Risk Management team will continue to manage Northwestern's third-party and supplier risk program while significantly expanding into several key areas. These include developing policies and standards, reviewing system security plans, creating data protection strategies, assessing and advising on policy exception requests, and developing new technologies and workflows to streamline and automate compliance evaluations.

This team is positioned to serve as a resource not only to Northwestern IT teams but also to distributed IT units across the schools, divisions, and research centers, as well as to faculty, staff, and administrative partners who require guidance on data protection and compliance expectations.

By strengthening these capabilities, the ISO is better equipped to support the University's mission, protect sensitive information, and ensure that Northwestern remains resilient and compliant in an increasingly complex digital and regulatory environment.