Douglas Copley Email and Phone Number

Data Protection Partners offers fractional executive leadership in Cybersecurity, IT, and Data Privacy. Also assist organizations with specific advisory and security needs, HITRUST-ISO-NIST certification coaching, security assessments, and audit/regulatory response and remediation management.

CISO since November 2020CIO & CISO since June 2021

As former healthcare CISO and Financial Services CPO, I provided thought leadership and strategic advice to executives in IT, security and privacy.

Designed and implemented the information security program for a 33,000 employee, 8-hospital health system. Also accountable for other IT functions including IT Compliance, IT PMO, IT Effectiveness, IT Risk, IT Communications and Service Desk.

Established a global privacy department and implemented a new global privacy program. - Established a strategy and roadmap to build a global privacy office for Ally Financial. - Created the global privacy program and team, consisting of 4 direct and 40 indirect staff across 17 countries. - Developed and implemented a privacy risk assessment process that identified key global privacy risks. - Established a comprehensive metrics program to gauge privacy compliance and risk across the company. - Established a global privacy incident response program and vendor privacy risk assessment process. - Established business rules and worked closely with IT on the implementation of Symantec’s Data Loss Prevention (DLP) solution.

An influential leader in the evolution of the IT security program from a staff of 5 to 40+. - Developed multi-year technology roadmaps that aligned market trends with business requirements and capabilities. - Established the security governance function (policy, awareness, compliance, program mgmt, risk mgmt). - Developed a comprehensive metrics program to measure progress, risk and compliance across the company. - Led the implementation of an information technology governance, risk and compliance tool (Archer). - Managed HIPAA security compliance, as well as the IT security vendor risk assessment processes. - Established an information security policy, acceptable use policy, 24 security standards and 25 baselines. - Designed and managed an enterprise-wide IT security education, training and awareness program.

-- Instructed undergraduate students in information security, disaster recovery, risk management, information systems, mathematics and statistics

Included international experience in Sweden and Japan.