Responsible for overall design, development, implementation and on-going stewardship of global privacy program, covering customers, employees, contractors and dependents.

Organizations across the globe are looking to grow and thrive in an environment where data is a critical asset, but one which is increasingly at risk and subject to regulatory obligations. As an Advisory Board Member, I provide advice and counsel to Synonical Consulting leadership around strategies for approaching the Privacy marketplace. I provide insight into emerging trends and challenges companies are facing with respect to privacy compliance. Our objective is to enable clients to remain nimble, leveraging data while managing risk and compliance in a balanced fashion.

Advise clients across industries on strategies for leveraging data for business opportunities while mitigating risk and ensuring compliance (regulatory, contractual, ethical dimensions, including privacy, HIPAA, GLBA, CCPA). Representative engagements include:Global Pharmaceutical CompanyWorked with client to integrate their privacy program with that of a recent major acquisition. Identified optimal future state by considering best aspects of both companies as well as leading practices in the market. Scope included all aspects of the respective programs across all geographies. While priority is GLBA and CCPA compliance, the target operating state allowed for compliance with any applicable new and emerging regulation.Global Insurance CompanyAssisted client design and implement a global information governance program, which will enable use of data in a business context while managing risk and ensuring compliance.Leading AdTech CompanyAssisted client close process gaps in preparation for compliance with CCPA. Activities included updating policies, designing training and awareness program (including campaign concepts, branding and plain-English messaging), and detail design of Data Subject Access Request program. Also helped create a enterprise privacy program designed to address current and future requirements, mapped to draft NIST Privacy Framework. Elements included future-state vision, strategy, resource requirements, roadmap and timeline.Global Consulting CompanyAssisted consulting company develop a privacy methodology with capabilities ranging from diagnostics, to gap analysis, to future-state operational state, based in NIST Privacy Framework.

Tapped to develop/perform CDO role with charge to increase use of data and analytics while ensuring compliance and mitigating data risk. Drove design, development, adoption, and operation of industry-first processes for identifying and managing data-related opportunities and risks and ensuring compliance and privacy protocols now considered Big 4 best-practices.Data Enablement & Governance. Unlocked multimillion-dollar revenue opportunity in one year by creating an industry first-of-its-kind common governance framework to filter and identify data across 26 firm verticals that could be leveraged to create new data-enabled business insights and value-add services for clients. Reduced go-to-market time while meeting industry compliance standards and managing risk. Data Security. Protected firm assets; zero lost business from data incidents. Implemented procedures, tools, and controls to inventory data, access risks, and comply with contract/regulatory obligations.Data Optimization. Facilitated a 25% reduction in overhead costs representing tens of millions of dollars in savings by introducing intelligent automation platforms to streamline operations, reduce administrative work, and decrease US-based headcount.Data Cataloging. Created the first tools and cognitive algorithms among the Big 4 firms to crawl data and “read” and catalog tens of thousands of client contracts. Initiative mitigated risk of non-compliance and identified business opportunities to repurpose data.Data Loss Prevention. Developed processes to monitor, detect, and codify data protection requirements to distinguish between authorized and unauthorized transmission of data.Privacy Compliance. Built a rigorous privacy program that ensured on-time compliance with GDPR and HIPAA, HITECH, and PHI.Records Management Modernization, Reduced records storage costs by several million dollars while improving compliance by introducing automated procedures to elevate records management and tracking.

Selected to develop and operationalize IT Risk Management and address privacy concerns. Pioneered IT Risk Management as a discreet discipline and became first Big 4 firm to combine Information Risk Management and Privacy Compliance functions. Created IT Risk team within Risk Management function to specifically handle risk associated with managing and sharing client data. Implemented client-inquiry hotline to standardize response process and improve transparency and accuracy.Improved operational relationships with clients and regulators, increased efficiency of IT spend, and reduced cycle time for application and system development by establishing a standard framework for evaluating IT Risk. Updated core IT processes, identified ITRM champions throughout IT, and trained entire IT staff on identifying and managing risk.Developed and implemented a firm-wide Privacy program that included a structured methodology to evaluate, remediate, and report on control effectiveness. Introduced senior-level steering committee and network of privacy champions to ensure adherence to privacy obligations, including certification under the Safe Harbor framework.

Led information risk management and information protection engagements focusing on assessment, design, and implementation of IT-based controls related to financial statement and IT audits. Co-designed and implemented methodology to assess and report on effectiveness of IT applications and general controls, as part of Sarbanes-Oxley section 404 compliance

Served a variety of clients in various industries delivering a range of IT controls-based services across consumer markets (food & beverage, consumer products), financial services, and health insurance.

Held a variety of roles with increasing responsibility in the firm’s internal IT organization, ranging from entry-level software programmer, to Director, overseeing firm-wide messaging and online services.