• Led efforts to establish foundational documents and processes for the pilot launch of the NIH Privacy Service Center program, resulting in improved program metrics and risk mitigation.• Developed and implemented a system inventory data harmonization project expediting the discovery process and prioritizing of critical program tasks.• Developed reporting frameworks to track program metrics and optimize program success.• Provided technical expertise to NIH Privacy Program and staff regarding the development and implementation of organizational privacy policies and procedures.• Spearheaded the development of digitizing the submission and approvals process for compliance assessments.• Reviewed and conducted privacy risk assessments (Privacy Threshold Analyses (PTAs), Privacy Impact Assessments (PIAs), and Third-Party Website Application (TPWA) PIAs.

• Provided day-to-day supervision and leadership support including duties such as providing actional feedback, reviewing and approving time and project related expenses, conducting monthly performance reviews, and providing input to promotions and salary actions.• Assisted with business development, including identifying new opportunities, responding to Requests for Proposal, and developing white papers and intellectual capital to market firm privacy services.• Led the publication of the firm’s Privacy Community of Practice (CoP) Newsletter, a monthly periodical highlighting topics such as privacy laws and regulatory changes, international privacy news, and emerging technology impacting privacy.• Delivered privacy product reviews on firm’s efforts

• Lead privacy analyst for all Privacy Threshold Analyses (PTAs). Performed analysis on new or updated IT systems, applications, and projects to determine overall privacy impact including compliance documentation requirements and privacy risks. Collaborated with project teams to implement PTA adjudications. Coordinated and monitored reviews for information collections and rulemaking proposals.• Improved PTA review process by compiling an inventory of PTA responses and adjudications. This information provided the foundation for developing supplemental guidance for PTA writers and adjudicators by serving as a quick reference tool for acceptable responses, ensuring consistency in adjudications, and allowing us to identify insights such as contradictions in rationales.• Collaborated with Governance Branch, and project teams to support the system development lifecycle. Represented the PIA Team at project kick-offs to deliver initial privacy assessment.• Developed Privacy Impact Assessments and Privacy Act Statements.• Maintained and operated the designated SEC PIA email. As the primary POC, I completed privacy system review requests, address ad hoc compliance documentation questions, monitored, and reported on the status of reviews and requests.• Developed the first standard operating procedures (SOP) for this role with supplemental guidance and reference tools.

• Supported the implementation of an enterprise-wide privacy program through the review and drafting of privacy policies, procedures, and guidance for internal and external publication.• Provided project management support through the development of privacy program implementation plans.

• Provided project management and strategic privacy policy support for enterprise-wide privacy control compliance program.• Reviewed and wrote privacy policies, procedures, and other regulatory documentation reflective of federal legal requirements including OMB, FISMA, HIPAA, the Privacy Act of 1974, the E-Government Act, and industry best practices while maintaining sensitivity to the unique needs of the organization and the proper allocation of resources.• Oversaw the review and writing of control implementation guidance for the NIST’s SP 800-53 Rev. 4 privacy controls at the correlating control identifier (CCI) level in alignment with the Defense Information Systems Agency (DISA) CCI framework.• Spearheaded project implementation approach which course corrected delayed completion dates and allowed the project to meet original deadlines.

• Spearheaded and managed a high-performing privacy team, overseeing multiple enterprise-wide privacy program functional areas including risk assessments; compliance documentation (PIAs, SORNs, Privacy Act Statements); crafting policies, plans, and guidance materials; conducting audits; and implementing remedial actions for 75+ information systems and data projects.• Primary author for 30+ PIA’s. As team lead, reviewed and revised an added 20+ PIA drafts submissions.• Reviewed IT systems, data collections, and third-party data sharing agreements to identify compliance gaps, ensure regulatory compliance, and provide recommendations for mitigating privacy related risks and the implementation of best practices.• Developed cybersecurity and privacy policy and established communication and dissemination processes.• Managed incident response team. Developed and implemented incident management processes and assisted with escalated breaches responses.• Developed and delivered in-person and computer-based PII training and outreach materials to establish an organizational baseline knowledge of PII.• Developed SOPs on the governance and maintenance of data and system cataloging including a comprehensive inventory of PII held by the organization.

• Served as primary POC to over 400 users by providing functional support to Economic Development Administration (EDA) applications and software testing.• Developed business and testing requirements according to client’s SDLC and created and implemented user acceptance testing cases and plans.• Analyzed functional and non-functional requirement compliance and documented bugs and interoperability issues.• Supplied technical writing support by reviewing and maintaining application help desk SOPs.

• Provided functional support to over 9,000 application users of NOAA’s Financial Systems Division (FSD) in alignment with organizational problem management process workflows.• Oversaw account management for all application users, assigned and modified roles and access privileges, remediated escalated events, and supported application change management and user notification duties.