Data Protection/Classification Program Manager Resume
SUMMARY:
Experienced technology, compliance, governance, privacy, risk, and security professional. Created and implemented information security, data protection, privacy, and compliance strategies to protect information and reduce risk, using tactical skills to reach corporate objectives and create competitive differentiators. Engineered privacy into the SDLC, ensuring all technical control considerations were met. Translated privacy by design (PbD), privacy engineering, and complex social, legal, and ethical concerns into business and system requirements. Demonstrated ability to work across cultures and geographies, working with senior executives to provide strategic counsel, clearly articulating ideas, successfully managing differing points of view, and strengthening relationships and rapport. Deep knowledge of and passion for emerging technology, privacy issues, positions, and trends.
PROFESSIONAL EXPERIENCE:
Data Protection/Classification Program Manager
Confidential
Responsibilities:
- Led the architecting of holistic methodologies, policies, procedures, standards, internal procedurals, SharePoint/OneDrive/Team creation, and tracking mechanisms for Enterprise DC and governance.
- Worked with W.R. Berkley's parent company and subsidiaries.
- Constructed the DC/Agile lifecycle program plan, establishing all requirements including scope, requirements, timelines, milestones, development, deliverables, deployment, cost, artifacts, etc. Monitored for task completion.
- Produced and published 2021 DC documentation including guides, departmental and employee FAQs, inventory instructions, plans, and training to ensure users were informed of the current DC effort. Addressed any questions as they arose during and post-training.
- Utilizing my ability to influence without authority, I worked with all employee levels to communicate and deploy the new data classification process mapped to their job functions.
- Collaborating cross-functionally with governance, legal, privacy, information security, software development, and other related business units (“BU”), mapped the data classification levels to privacy data elements, required access controls, encryption methodologies, legal, and risk requirements.
- Set classification requirements for the next 12 months, proposing additional translation of practices into official policies and procedures to help mitigate risk while supporting business objectives.
Senior Compliance, Privacy, and Security Lead
Confidential
Responsibilities:
- SME for privacy, compliance, risk, and governance program management services for internal and external clients deploying a variety of international assessments covering relevant privacy, security, and risk frameworks.
- Developed, managed, and executed privacy, security, and security compliance tools to ensure program effectiveness and compliance with developed standards and requirements.
- Working with the client’s internal privacy, legal, development, and engineering teams, created roadmaps into actionable guidance and steps towards compliance to meet their obligations under a variety of international laws.
- Drafted data flow maps based on complex systems and processes for international companies documenting how data flows in and out of the organization, at rest and in motion; on-site, and with third parties/vendors.
- Planned, coordinated, and conducted risk assessments for international clients in the areas of data protection, privacy, IT, risk, and security, resulting in gap analysis reports and remediation events.
- Led efforts for cross-mapping international data protection, privacy, and security regulations and best practices: designed and implemented control review assessments to support continuous compliance with security and privacy laws, regulations, policies, and standards.
Interim Privacy Officer
Confidential
Responsibilities:
- Interim Privacy leader of the CCPA/GDPR/HIPAA privacy program rollout for a recently acquired medical devices company.
- Implemented privacy and data protection requirements throughout the medical device SDLC including Software as a Medical Device (SaMD).
- Evaluated, updated, and improved internal privacy and security to ensure thorough technological implementation of the data protection program.
Senior Compliance, Privacy & Security Lead
Confidential
Responsibilities:
- Led the implementation and preservation of a company-wide information data protection framework; ensured suitable control objectives for system integrity, confidentiality, accountability, and assurance within the limits and standards of company expectations.
- Developed organization-wide relationships with stakeholders; communicated privacy program objectives, effectively advocating privacy prioritization initiatives within the context of the company's ongoing business activities. Assessed operations to define all privacy requirements; implemented all necessary standards, policies, and plans to provide solid security protocols over SOC, SOX, HIPAA, EU Data Directive (Directive 95/46/EC), ISO 2700x frameworks and regulations.
- Tested, evaluated, and remedied internal controls through collaborative efforts with Security, Internal and External Audit, Technology, and other management and stakeholders to ensure compliance throughout all projects.
Data Privacy & Security Vendor Consultant/Senior Integrated Controls Manager
Confidential
Responsibilities:
- Engineered GRC Framework: creating the Test-Once, Satisfy-Many philosophies through the mapping of security policies to standards and cross-mapped various controls frameworks such as HIPAA, EU Data Directive (Directive 95/46/EC), CIS, CSC, Data Protection, Privacy, Governance, CyberSecurity into cohesive internal controls.
- Interpreted appropriate local, state, and federal laws/regulations to ensure company compliance.
Security/Compliance Engineering Manager
Confidential
Responsibilities:
- Chartered the rollout of Confidential privacy and security control set: mapping security procedures to standards: FISMA, NIST 800-53 r4 + Appendix J, ISO 27002, SOC II, EU Data Directive (Directive 95/46/EC), PCI DSS 3.2, CIS CSC, NIST CSF, and HIPAA-HITECH.
- Revised mappings including international privacy and cybersecurity controls, CJIS Security Policy, NERC CIP, FFIEC IT Handbook, HITRUST, and UK Cyber Essentials among others.
Privacy, CyberSecurity Officer
Confidential
Responsibilities:
- Privacy and CyberSecurity Office establishment: Established, initiated, and sustained privacy, security, cybersecurity, and medical product policies, procedures, guidelines, and standards.
- Performed 510(k), Privacy and Cyber Security by Design, 13485 International Software as a Medical Device (SaMD) Assessments, Secure Software Development Lifecycle related duties.
Vendor Security Compliance Manager
Confidential
Responsibilities:
- Governed large-scale security, risk, and performance assessments of IS&T vendors; prepared reports on vendor performance, risk scoring, and KPI for management with clear and concise advisories.
- Designed project objectives, drafted vendor assessment programs, and collaborated with 3rd-party vendors to deliver effective project management, ROI, cost analysis, deliverables, and milestones.
Senior Marketing Privacy Compliance Analyst
Confidential
Responsibilities:
- Managed Marketing Data IT Privacy Framework Programs, developing company-based project methodology including stakeholder participation.
- Headed Confidential marketing privacy initiatives including 3rd-party vendors; provided company-wide global data compliance.
Senior IT Data Privacy Compliance Program Manager
Confidential
Responsibilities:
- Defined the strategy and desired outcomes of the privacy program ensuring alignment with strategic data protection objectives of the business.
- IT Data Privacy Office establishment: Privacy Governance Structure, Embedding Data Privacy into Operations, Continuous Improvement, Data Privacy Policies, Procedures, and Guidelines; Inventory and Mapping, Training / Awareness, 3rd-Party / Vendor Risks plus requirements definition, technical specification, test strategy, QA, deployment, multi-year communications plan, EU Data Directive (Directive 95/46/EC).