Senior Consultant/ Analyst - Ai, Privacy, Cybersecurity

Supported company-wide privacy compliance initiative for all Nike data holdings by providing guidance to development teams and executives for GDPR, CCPA, LGPD (Brazil), PIPL (China), PIPA (Korea)

Crafted data governance policies and standards for managing personal data (PII); this includes the application use/access controls, data tagging practice, data retention protocols, and data quality measures

Developed data privacy protocols for development of AI/ML tools and processes

Provided data privacy guidance for the configuration and implementation of the data governance tool (Collibra), to reflect requirements from data protection and privacy regulations

Evaluated data sources and systems for security and privacy risks, developing improvements to internal processes to achieve compliance

Led privacy compliance efforts for different arms of the organization including sports/health research, marketing, and analytics

Led a team of privacy analysts supporting the CFPB Privacy Office in the implementation and execution of a privacy program at the Bureau

Executed privacy impact assessments of CFPB systems for compliance with federal privacy and cybersecurity regulations (i.e.: HIPPA, COPPA, Sarbanes-Oxley, etc.). Assessments included – reviewing design documents and affirming the presence of controls alongside technical teams and providing timely guidance at various stages of the development lifecycle. Designed assessments to reflect GDPR/CCPA best practices

Developed risk assessment matrix and implemented a privacy breach process to support incident response at the Bureau

Assisted with the implementation of privacy requirements from NIST 800-53 v. 5 for organization-wide information security practice

Provided policy analysis and legal guidance in privacy and information security for Bureau executives, as well as developed and led training

Lead project manager for iTech AG CMMC cybersecurity certification – led the organization to successfully complete federal cybersecurity audits and achieve compliance for federal contracting

Conducted NIST 800-171 assessments for federal clients including drafting system security plans, executing POAM’s, and more

Trained federal employees (management and staff) in cybersecurity and privacy protocols, working to implement best practices for activities like videoconferencing and data management

Developed a “Virtual Engagement Strategy” for the Census Bureau which was adopted by senior leadership and distributed to over 250 field staff during the 2020 census.

Operated as a liaison with third-party providers and internal stakeholders on projects and delivered presentations to management on progress, material requests and deadlines.

Managed over 25 successful projects with major US cities, as clients, to establish their open data programs for the secure management and distribution of public data.

Projects included: conducting legal reviews and providing guidance on federal, state, and global legal frameworks, regulations, and internal privacy policies; conducting risk assessments for internal and third-party vendors; categorizing data and systems; and recommending corresponding controls to protect sensitive data

Directed public engagement projects for cities on public data, leveraging UX and human-centered design techniques to assess information needs in local communities

Led four successful projects with major US cities in audits and eventual publication of data from their procurement/government acquisition systems. These projects included developing and implementing protocols to account for CCPA and GDPR

Advised senior management and elected officials of major cities on the drafting of legislation, internal policies, and the establishment of governance committees for cyber security, privacy, and data/records management

Worked with city staff to develop protocols for Security Operation Centers (SOC) and Incident Response (IR) to manage risk associated with publishing data

Provided thought leadership in the law and policy related to privacy management, with knowledge of relevant federal, state, local, and international governance including CCPA, GDPR, FOIA, and SOX

Led a successful legislative campaign to reform Maryland’s Public Information Act (PIA). Changes included developing statewide policy for the management of public records requests, along with the establishment of a governance committee and ombudsman office

Developed expertise and provided thought leadership on state and federal laws and regulations related to cybersecurity, internet law, government IT, and public information laws – including records management and retention

Lobbied at the Maryland General Assembly on bills related to privacy, good government, government transparency, cybersecurity, and data management, with several successfully becoming law