Doug Knehr

Privacy & Cyber Risk SME (Contract) at Yahoo
Contact Information
us****@****om
(386) 825-5501
Location
Kendall Park, JE

Experience

    • Australia
    • Online Media
    • 100 - 200 Employee
    • Privacy & Cyber Risk SME (Contract)
      • Jan 2023 - Nov 2023

      Remote  Led 90+ teams in an entity-wide critical data protection security and privacy advisory and assessment effort resulting in ecosystem changing results

    • United States
    • Medical Equipment Manufacturing
    • 1 - 100 Employee
    • Data Protection Officer (Interim)
      • Apr 2022 - Jul 2022

      Data security and privacy expert implementing on interim basis, a global privacy and data protection program
      - Creating privacy budget and operationalizing same
      - Managed drafting of global Data Transfer Addendums, Standard Contractual Clauses, Privacy Statements, Cookie Notices Management of multi-country outside counsel
      Sole privacy expert creating budget as well as operationalizing: Cookie Technologies Consent & Preference Individual Rights Requests PIAs/DPIAs Inventorying & ROPA
      Data protection security expert on an interim basis creating budget and operationalizing: Written Information Security Program Data protection technologies GRC DLP MS, AWS Safety and Compliance technologies
      Expert guidance to 300-person company on NIST, ISO 27001, GDPR, CCPA, CPRA, PIPEDA, HIPAA and international privacy and data protection law

    • United States
    • Consumer Goods
    • 700 & Above Employee
    • Data Protection and Privacy SME to CIO & GC (Contract)
      • Apr 2021 - Mar 2022

      Remote April 2021- March 10, 2022 Maturing the technical implementation and engineering underpinning of privacy & data protection operations globally for the CIO and General Counsel groups Agile development of entire privacy program & Privacy Operating Model Policy, standard, control SME integrating privacy operations with information security & data protection controls for CTO,GC, CISO teams

    • United States
    • Food and Beverage Manufacturing
    • 700 & Above Employee
    • Cyber Risk, Privacy and Data Protection SME To CISO (Contract)
      • Jul 2020 - Mar 2021

      Cyber Risk
      o Developing cyber risk governance maturity modeling and risk quantification for CISO and Board of Director committees
      Privacy
      o Matured an international Privacy program for the CISO developing innovative standards, controls, procedures and metrics to implement a global privacy framework tied to data security frameworks resulting in a bespoke comprehensive program
      o Created innovative Schrems II solutions leveraging unique security and privacy framework GRC methodologies
      o Advised on the launch of a consent and preference management platform
      Incident Response
      o Matured an Incident Response program significantly reducing response time

    • United States
    • Technology, Information and Internet
    • 400 - 500 Employee
    • Data Protection Privacy SME To GC (Contract)
      • Dec 2019 - Jan 2020

      New York City Metropolitan Area Ad Tech MarTech - (Consultant for Major Lindsey Africa @ Acoustic) | Location: NYC Delivered baseline for global privacy framework at a private equity startup (global adtech)

    • United States
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Privacy & Information Security Counsel (Direct Hire)
      • Feb 2018 - Dec 2019

      Remote
      Key Achievements:
      • Implemented and matured incident response platform to integrate privacy and information security.
      • Implemented and matured a GRC platform
      • Implemented and matured a Written Information Security Program
      • Designed a privacy program based on GDPR capable of meeting international data privacy regulatory changes across 23 countries.
      • Implemented from green fields a GDPR and International Data Protection privacy program advising across 23 countries
      • Matured SDLC and security assurance efforts (emphasis on pen testing standards)
      • Led CISO audits across ISO 27001-27001, NIST 800-53 and various NIST control docs, Sans CSC, HIPAA security and privacy controls
      • Advised on technology, privacy and information security aspects for contract matters including Master Services Agreements, Vendor Agreements, Professional Services Agreements, Work Orders / SOW's, Software Licensing Agreements, Non-Disclosure Agreements
      • Reviewed and reduced cyber risk internationally across WISP (written Information Security Program) including but not limited to SOC, breach management, pen testing procedure review, Disaster Recovery, NIST/ISO framework audit and cyber risk review of broad CISO activities
      • Designed 23 country GDPR program
      • Advised on Penetration testing standards
      • Assessed privacy and information security controls - BCR (Binding Corporate Rules), SCC (Std Contractual Clauses), security monitoring tools, security tools legal requirements, privacy regulations and cyber regulatory regulations and rationalizing same against works council requirements, international and domestic laws and operational requirements.
      • Implemented international privacy and cyber regulatory requirements for international incident and breach response
      • Guided the CISO and GC suite to integrate GDPR privacy and cyber security regulatory operational and frameworks into operations.
      • Provided expert advice across all major departments regarding cyber regulatory risk

    • United States
    • Financial Services
    • 500 - 600 Employee
    • CISO Chief Information Security Officer | Director Information Security Governance (Dual Interim)
      • Aug 2017 - Jan 2018

      Holmdel, NJ
      • DUAL FT INTERIM ROLES
      • Designed an information security governance program embedded into the 1st Line of Defense for 6 entities across the USA
        o Presented to Board of Directors at holding company
        o Operationalize data protection efforts within the 1st line of defense
        o Embedding Privacy By Design and Data Protection Regulatory GDPR, GLBA, DPbD, State Data Protection, Breach, Destruction, Notice, Financial Health, and Industry security and privacy regs into the 1st Line of Defense
      • Interim CISO for Santander Securities

    • United States
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Privacy & Information Security Counsel (Contract)
      • May 2016 - Aug 2017

      Remote
      Key Achievements:
      • Implemented and matured incident response platform to integrate privacy and information security.
      • Implemented and matured a GRC platform
      • Implemented and matured a Written Information Security Program
      • Designed a privacy program based on GDPR capable of meeting international data privacy regulatory changes across 23 countries.
      • Implemented from green fields a GDPR and International Data Protection privacy program advising across 23 countries
      • Matured SDLC and security assurance efforts (emphasis on pen testing standards)
      • Led CISO audits across ISO 27001-27001, NIST 800-53 and various NIST control docs, Sans CSC, HIPAA security and privacy controls
      • Served in both a privacy counsel and senior information security officer capacity for the CISO and GC depts across 23 countries
      • Advised on technology, privacy and information security aspects for contract matters including Master Services Agreements, Vendor Agreements, Professional Services Agreements, Work Orders / SOW's, Software Licensing Agreements, Non-Disclosure Agreements
      • Reviewed and reduced cyber risk internationally across WISP (written Information Security Program) including but not limited to SOC, breach management, pen testing procedure review, Disaster Recovery, NIST/ISO framework audit and cyber risk review of broad CISO activities
      • Designed 23 country GDPR program
      • Advised on Penetration testing standards
      • Assessed privacy and information security controls - BCR (Binding Corporate Rules), SCC (Std Contractual Clauses), security monitoring tools, security tools legal requirements, privacy regulations and cyber regulatory regulations and rationalizing same against works council requirements, international and domestic laws and operational requirements.
      • Implemented international privacy and cyber regulatory requirements for international incident and breach response
      • Consulted across 23 countries cyber regulatory risk

    • United States
    • Financial Services
    • 700 & Above Employee
    • Information Security and Privacy SME (Contract)
      • Jul 2015 - Dec 2015

      Jersey City, NJ
      Information Security and Privacy SME (Contract Consultant)
      Company: DTCC | Dates: 7/15 to 12/18/2015 | Location: Jersey City, NJ
      • Consultant and counsel advising on information security, data privacy and cyber risk across 18+ foreign jurisdictions (EEA, USA)
      • Generated technical cyber risk and information security metrics, KPI reports, risk data and cyber security enterprise wide cyber risk reduction
      • Consultant counsel advising on cyber IT control and data privacy controls
      • Supported the development of a data privacy strategy, data transformation roadmap and long-term strategic priorities for cyber risk reduction thru information security and data privacy data transfer initiatives
      • Consulted for revamp of a multi-organization, multi-country information protection –data privacy department from the ground up – vendor management, privacy policy, charter, thru daily privacy counseling
      • Advanced global cyber security governance, conduct security risk assessments to identify threats, establish global reporting systems and procedures on risk, create training/awareness plan, integrate risk reporting matrix
      • Contributed on cyber investigations, forensics, risk trends, vulnerability exercises – addressing SOC – security operations center issues filtering into GC’s office, security awareness, encryption concerns, network security, vendor protection data protection and privacy
      • Significant international cyber security and data privacy work for numerous business units from framework thru risk assessment ranging up to board level recommendations

Education

  • Stetson University College of Law
    JD, Law
    1996 - 1999
  • Rutgers Graduate School of Management
    MBA, Finance
    1992 - 1994
  • Rutgers University
    BS, Economics
    1988 - 1992
  • CISSP
    CISSP, Computer and Information Systems Security/Information Assurance
  • IAPP
    FIP Fellow of Information Privacy, Privacy
  • IAPP International Association of privacy professionals
    CIPP, Certified information privacy professional
  • IAPP International Association of privacy professionals
    CIPM Certified Information privacy manager, Privacy
  • Rutgers Graduate School Management
    Master of Business Administration - MBA
