Results-driven governance, risk, compliance (GRC) professional and manager with expertise in strategic risk management, geo-politics, and tech policy. I have a background in AI, information security, cybersecurity, privacy, and data governance, with over nine years of experience in developing and successfully implementing governance frameworks for compliance with global, federal, state and local laws, along with general risk mitigation.
Supported company-wide privacy compliance initiative for all Nike data holdings by providing guidance to development teams and executives for GDPR, CCPA, LGPD (Brazil), PIPL (China), PIPA (Korea)
Crafted data governance policies and standards for managing personal data (PII); this includes the application use/access controls, data tagging practice, data retention protocols, and data quality measures
Developed data privacy protocols for development of AI/ML tools and processes
Provided data privacy guidance for the configuration and implementation of the data governance tool (Collibra), to reflect requirements from data protection and privacy regulations
Evaluated data sources and systems for security and privacy risks, developing improvements to internal processes to achieve compliance
Led privacy compliance efforts for different arms of the organization including sports/health research, marketing, and analytics
Led a team of privacy analysts supporting the CFPB Privacy Office in the implementation and execution of a privacy program at the Bureau
Executed privacy impact assessments of CFPB systems for compliance with federal privacy and cybersecurity regulations (e.g., HIPAA, COPPA, Sarbanes-Oxley). Assessments included reviewing design documents and affirming the presence of controls alongside technical teams and providing timely guidance at various stages of the development lifecycle. Designed assessments to reflect GDPR/CCPA best practices
Developed risk assessment matrix and implemented a privacy breach process to support incident response at the Bureau
Assisted with the implementation of privacy requirements from NIST 800-53 v. 5 for organization-wide information security practice
Provided policy analysis and legal guidance in privacy and information security for Bureau executives, as well as developed and led training
Lead project manager for iTech AG CMMC cybersecurity certification – led the organization to successfully complete federal cybersecurity audits and achieve compliance for federal contracting
Conducted NIST 800-171 assessments for federal clients including drafting system security plans, executing POAMs, and more
Trained federal employees (management and staff) in cybersecurity and privacy protocols, working to implement best practices for activities like videoconferencing and data management
Developed a “Virtual Engagement Strategy” for the Census Bureau which was adopted by senior leadership and distributed to over 250 field staff during the 2020 census.
Operated as a liaison with third-party providers and internal stakeholders on projects and delivered presentations to management on progress, material requests and deadlines.
Managed over 25 successful projects with major US cities, as clients, to establish their open data programs for the secure management and distribution of public data.
Projects included: conducting legal reviews and providing guidance on federal, state, and global legal frameworks, regulations, and internal privacy policies; conducting risk assessments for internal and third-party vendors; categorizing data and systems; and recommending corresponding controls to protect sensitive data
Directed public engagement projects for cities on public data, leveraging UX and human-centered design techniques to assess information needs in local communities
Led four successful projects with major US cities in audits and eventual publication of data from their procurement/government acquisition systems. These projects included developing and implementing protocols to account for CCPA and GDPR
Advised senior management and elected officials of major cities on the drafting of legislation, internal policies, and the establishment of governance committees for cybersecurity, privacy, and data/records management
Worked with city staff to develop protocols for Security Operations Centers (SOC) and Incident Response (IR) to manage risk associated with publishing data
Provided thought leadership in the law and policy related to privacy management, with knowledge of relevant federal, state, local, and international governance including CCPA, GDPR, FOIA, and SOX
Led a successful legislative campaign to reform Maryland’s Public Information Act (PIA). Changes included developing statewide policy for the management of public records requests, along with the establishment of a governance committee and ombudsman office
Developed expertise and provided thought leadership on state and federal laws and regulations related to cybersecurity, internet law, government IT, and public information laws – including records management and retention
Lobbied at the Maryland General Assembly on bills related to privacy, good government, government transparency, cybersecurity, and data management, with several successfully becoming law