Donald Simon Email and Phone Number

Consulting across multiple industries regarding compliance, audit and process

• Led Compliance & Privacy Department consisting of three managers and six compliance analysts; managed organizational shift to create (CEC) Department. Reported to CFO.• Oversaw corporate privacy-based function; avoided fines by ensuring compliance with federal and state requirements.• Executed GDPR readiness assessments, PCI compliance, policy implementations, business continuity planning and annual SOC-1/2 audit management; coordinated enterprise-level compliance for Sarbanes-Oxley (SOX) regulations.• Directed customer contract edits / negotiations, IT RFP response, client risk assessments, internal IT / business process audits, and policy violation investigations.• Modernized 3rd-party risk management functions; standardized 3rd-party risk assessments by leveraging a vendor product to efficiently assess all suppliers, vendor risk ranking/audit frequency, audit process and reporting.Key Accomplishments:• Developed world-class ethics and compliance programs that included U.S. sentencing guidelines and enterprise-wide educational curriculum; programs endorsed by CFO and General Counsel.• Implemented effective methodology (including management approval, boilerplate response development, and key metrics creation) for managing IT contract responses; improved visibility and support for customer RFP / retention.

• Developed corporate IT security and compliance strategy and led two (offshore) and three (onshore) teams to execute and monitor. companywide security program. • Directed business unit operations (including strategic security planning) for corporate and affiliate entities; provided security leadership for multi-national Divisions in Europe, Canada, and Japan.• Oversaw regulatory / compliance support and audit activities; ensured alignment with regulatory guidelines including SOX, GDPR, PIPA, and GxP.; developed and implemented enterprise wide policy and standards program.• Developed strategic enterprise-wide security roadmap for compliance and risk management.• Implemented security technology refresh and currency program that included a global firewall refresh /expansion, which drove support model efficiencies by leveraging like technology across the company’s global infrastructure. Key Accomplishments:• Devised and implemented pre-acquisition / on-going monitoring processes to manage vendor risk.• Streamlined IT compliance risk assessment process; ranked, summarized, and reported findings to CIO (VP of IT).

• Established business unit direction and led cross-functional team of eight project managers to support companywide IT governance functions (including internal/external audits, risk management, state and federal regulatory exams). • Performed Medicaid HIPAA assessments, internal and external audits, and risk assessments; full IT oversight of SOX and other regulatory requirements.• Identified, assessed, and communicated IT security / general control risks; reported assessments on multiple acquisitions, identified control gaps, and developed strategies to achieve control baselines. • Influenced decision-making by implementing and tracking “C-suite” audit & risk-management/status-reporting program.• IT Privacy Officer and Deputy Compliance Office responsible for investigating / resolving privacy incidents and compliance violations in addition to providing IT compliance education.Key Accomplishments:• Forged customer and business alliances that improved faltering relationships by streamlining communications; improved customer satisfaction, especially IT engagement on audits and contract negotiations with company clients.• Drove customer retention and growth of plan sponsors by demonstrating and championing IT compliance; facilitated $5B+ in growth / retention.• Expanded customer business opportunities (including Fortune 1 and numerous Fortune 100 companies) by delivering exceptional customer service for all customer accounts; successful negotiation of numerous contracts with plan sponsors.• Successfully responded to ~1000 customer questionnaires, ~200 contract responses / edits and ~ 30000 annually. Additionally facilitated ~20 customer and regulatory onsite risk assessments per year.

• Led 11-person cross-functional team of senior-level infrastructure project managers and compliance specialists in activities regarding operation support, hardware / software product support, regulatory exams, SOX/SOC management and governance.• Planned short- and long-term security projects and developed IT General Control / security solutions to support regulatory compliance (SOX, HIPAA, DOI) and external audits (SOC, PCI).• Provided regulatory compliance expertise to senior and executive IT management teams.• Managed multiple acquisition integrations; developed and implemented gap analysis / remediation processes to manage security, compliance and IT General Control risks.Key Accomplishments:• Developed, led, and implemented automated technical control processes to reduce manual compliance workload tasks by 50%.• Chosen to mentor future Company leaders through Aetna’s leadership development program.