May 2022 to April 2023: Data Privacy, Senior Engineer, Data Privacy Department, FairIsaac Corporation (FICO)• Responsible for FICO’s Privacy by Design program oversight and embedding privacyprinciples and controls into enterprise architectures and cloud solutions through Agiledevelopment processes• BAU responsibilities include: ◦ On-going analysis and mapping of US state & global privacy laws into company’s comprehensive privacy control framework ◦ On-going review and approval of privacy assessments for client solutions to meet various financial use cases impacting on PII ◦ On-going review and approval of third party partners’ services and products ◦ Creation and delivery of company-wide privacy training programs on a regular cadence

• Responsible for ongoing training and consultancy to US business units and global support functions to ensure US privacy processes are fit-for-purpose, and in compliance with state and Federal privacy laws • Responsible for triaging and investigating data breach incidents reported in the US market • Designed and delivered, company-wide training to US groups on individual rights requests intake process in compliance with California Consumer Privacy Act (CCPA), including custom intake forms, call center scripting and OneTrust process integration • Managed US privacy notice to reflect company privacy principles, changes in data collection techniques, and CCPA individual rights request metrics as required by CA state law • Created and delivered Privacy By Design training for US business units and global support functions • Created and delivered tiered training and awareness on GSK privacy operating model for general employee audiences, central teams, privacy leaders/champions, Consumer Health Call Center staff and GSK Response Center staff • Reviewed/approved US-based privacy assessments in OneTrust • Coordinated stakeholders to respond to, and to drive resolution for, data breach cases as appropriate • Updated GSK US Benefits Compliance governance model to align with HIPAA data privacy and security rules • Built US privacy case metrics to identify compliance gaps and to foster continuous improvement

• Wrote and delivered the first GSK global SOP for Agile approach to GxP Systems that embodies the principles of Agile/Scrum development while adhering to computer system validation GxP compliance requirements • Wrote and delivered the first GSK global Tech controls standard that combines electronic records, electronic signatures, records management, and data integrity requirements into one set of controls for all GSK Tech • Responsible and accountable for enterprise Tech risks related to GxP compliance, data integrity, and records management, including Independent Business Monitoring controls, tests, and acceptance criteria for use by the GSK Tech independent business monitoring service • Risk assessment responsibilities for Tech controls and Tech assets related to GxP compliance and records management • Completed periodic reviews and QA stakeholder updates for Tech technical standards • Closed multiple Tech incidents raised as a result of written standards updates • Provided guidance and expertise to Puerto Rico local operating company regarding Tech responsibilities on how to manage “Dawn Raids” in accordance with internal controls • Provided guidance and expertise to global SharePoint Teams regarding metadata standards compliance to support Office 365 mobile document efficiencies

• Global Computer Validation (GCV) responsibility for all Commercial ERP wave deployments, third party integration, and GSK Warehouse Management System validation activities • Developed inspection readiness framework for GSK local operating companies to manage General Distribution Practice-based audits/inspections • Provided QA oversight of Global Logistics Control Tower 3rd party provider • Program management responsibilities for multiple High-Risk GxP enterprise platforms • Provided GxP & Tech consultancy and approval on multiple high-profile GSK projects • Global Manufacturing & Supply (GMS) QA representative on Tech-sponsored Data Integrity initiative • GMS QA representative on Identification of Medicinal Products ISO compliance program • Primary Quality, Compliance & Architecture approver for ERP-related Business Process Solution Designs, global SOPs, Change Controls & key Tech deliverables

• Lead the global project delivery of GSK’s first globally-integrated Integrity Issues Management platform, supporting the new end-to-end case Compliance Investigations process, with multiple reporting channels, case management workflow, and reporting capability supporting multiple global stakeholder groups • Consolidated and successfully delivered 104 global Speak Up Integrity Lines and multi-lingual online intake forms, servicing 83 countries, including the embedding of country-specific data privacy rules for compliant web-based entry • Delivered GSK’s global Speak Up program @ https://www.gsk.com/speakup • Delivered Global International Service (GIS) to countries experiencing local calling restrictions to existing Speak Up lines for greater breath of coverage • Significant contribution to creating and embedding GSK’s end-to-end investigations process through global engagements, workshops, and process workflow definitions using ADP principles • Created Internal operating procedures for the management of compliance cases, data privacy management, and access management • Responsible for embedding GSK’s Corporate Integrity Agreement (CIA) reporting requirements into the investigative framework • Demonstrated ability to influence senior GSK leadership across business units • Co-authored Procedure for Conducting Internal Investigations, including associated global webinar training for legal and investigative teams • Developed the agreed end-to-end process for managing Attorney-Client Privileged across Group Counsel’s organization • Successfully applied global data privacy law, data transfer agreements, and data privacy impact assessments to the investigative process involving personal information (PI) gathering

• Project Manager for Tech Governance, Risk & Compliance initiative in conjunction with Corporate Assurance • Service Lead for Tech Regulatory Compliance key risk area & provided in-depth training for Tech business units on GxP Computer Systems Validation • Co-wrote the consolidated GSK global policy that combined R&D and GMS business unit policies on computer systems validation • Successfully managed multiple local & global projects within Computer Systems Validation and Risk Management • Created business requirements for strategic GRC (Governance, Risk & Compliance) solution for managing significant risks across GSK • Managed data, processes, and access related to GeODE (https://geode.gsk.com) and the Risk Exception/Acceptance Process (REAP) database • Provided consultancy & training to business units for regulatory inspection readiness • In-depth experience in computer systems auditing, validation, and inspection readiness processes • Managed day-to-day activities tracking for Risk Management Plans for R&D, Global Manufacturing & Supply, US Pharma, Europe Pharma, Biologicals, Corporate, and Consumer Health • Provided Tech risk & compliance updates to Tech Risk Management & Compliance Board, CIO & Tech Leadership Team members as requested • Facilitator for the CCT (Computer Compliance Team) & Validation Task Force • Provided Tech risk management guidance & regulatory compliance training across Tech business units • Successfully managed Offshore Tech Quality project involving cross-functional GSK team, creating “best practice” approaches for all offshore validation projects • Sole designer and implementer of DREAM (Database for Requests, Engagements & Audit Management) @ http://dream.gsk.com • Lead for Computer Systems Incident Reporting (CSIR), Warrant Response & Web Monitoring/Blocking processes • Facilitated Tech Risk Management & Compliance Board meetings

• Managed and coached staff of seven (7) direct reports in Computer Validation • Provided decision-making for departmental positions on cGMP compliance, supplier audit assessments, and validation issues related to Tech business systems, laboratory automation, infrastructure, and software suppliers • Provided first-line defense for on-site internal and regulatory inspections of GxP computer systems • Responsible for interpretation, integration, and assurance of compliance to Federal regulations through policy and procedure development • Have thorough working knowledge of GSK Quality Management Systems development methodologies, 21 CFR Part 11 assessments, Computer Inspection Readiness initiatives, document management systems, and FDA’s Systems-based inspection program • Also responsible for approval, oversight, and awareness of the Zebulon site computer validation program • Managed annual departmental budget of $1.09M • Successfully managed and completed Distribution Management System validation project for use at multiple GSK warehouses in the US on-time and under budget • Managed site-wide software supplier audit program • Completed comprehensive internal departmental assessment and presented our Strategic Review to Senior QA & Site Leadership on how Computer Validation adds value to GSK • Authored the QA Validation Web Site for computer, automation, and process validation activities, personnel, resources, documentation, and regulatory guidance and trends • Designed and implemented new organizational structure to map to FDA’s Systems-based inspection approach • Created and presented site-wide cGMP 21 CFR Part 11 Awareness training to 1,400 employees at the Zebulon manufacturing site • Managed a cross-functional staff of 15 that migrated business critical data from 20 local applications supporting Zebulon site operations into SAP R/3 platform, including decommissioning of affected legacy systems

• Hired as a Systems Analyst/Programmer III, July 1991; promoted to Systems Analyst/Programmer IV, May 1992 • Implemented initial Radio Frequency network for the Sterile Products Facility in a Client/Server environment • Designed and coded interfaces for automated guided vehicles used to deliver materials to Class 10K rooms for sterile manufacturing facility • Designed and coded APIs for integrity testers used with .22 micron sterile filtration devices • Responsible for project leadership duties on computer validation projects in the areas of Process Automation Systems, Information Systems, and Critical Documentation Systems. • Responsible for managing and resolving regulatory compliance issues and validation of computer systems

• C+ programmer for the Manufacturing Flexible Integrated Systems (MUFINS) project in conjunction with Litton Corp., Integrated Automation Division, from April 1988 to April 1989, in Alameda, California • Designed and developed process control systems in C+, wrote interfaces for PLC-controlled equipment, and was responsible for VAX systems enterprise management for the Tarboro, NC manufacturing & distribution site