Currently, I manage the Global Regulatory Documentation team that focuses on the creation, maintenance, and operationalization of documentation in accordance with various omnibus privacy regulatory obligations (GDPR, LGPD, PDPA and POPIA). My work is centered on the developing automated, scalable, repeatable processes to develop Records of Processing Activities (ROPAs), Data Protection Impact Assessments (DPIAs), and Legitimate Interest Assessments (LIAs). I have extensive experience working cross-functionally with privacy teams, engineers, and legal teams around the globe to ensure compliance with our legal obligations in a scalable and sustainable manner.Relevant Experience: • Developing automated solutions to create, maintain, and validate ROPAs and DPIAs in a scalable manner. This work is done in partnership with infrastructure engineers to create tooling and integrations with existing platforms to curate relevant data for our documentation. Following launch of our tooling, we can develop several thousand automated ROPAs, and moved away from manual record keeping, saving significant hours of legal and product team time, as well as minimizing potential risk. • Owning the roadmap for build out and development of the Global Regulatory Documentation team. Oversee multiple approaches for documentation creation leveraging objective and subjective data, and managed complex, cross-functional projects for both approaches from defining business requirements through UAT/QAT testing.• Creation of a suite of program management documents including a Global Reg Doc program policy, procedures and run books, and tooling user guides. Additionally, leading development of dashboards for reporting metrics, statistics, and key performance indicators (KPIs) on program progress for legal and compliance stakeholders

Prior to my current role, I served as the People Data Privacy Programs Manager for People Compliance & Data Privacy (PCDP). In that role, I led the PCDP team’s responses to various privacy regulations (GDPR, CCPA and LGPD), created and maintained regulatory documentation, managed and updated People data retention schedules and conducted Data Protection Impact Assessments (DPIAs) for key systems, applications and business processes for the People organization at Meta (People@).Relevant Experience: • Leading the PCDP responses to the California Consumer Privacy Act (CCPA) and the Brazil General Data Protection Law (LGPD) compliance requirements including updates to our employee, candidate and contingent worker Privacy Notices, our onboarding practices, and our response strategy for data subject rights requests. • Project management to create a global retention schedule for employee data. evaluation of regional and country requirements to create a rationalized proposal to create a single, global schedule. • Drafting of DPIAs and privacy risk assessments for targeted, high-risk People@ applications and business processes. Leading interviews/walkthroughs with business process owners, oversight of security assessments, coordinating with Legal on the DPIAs, and with the Office of the Data Protection Officer for review and approvals.

Staffed in PwC’s Cybersecurity and Privacy practice. I provided a variety of privacy consulting services, including privacy program design and implementation, privacy compliance assessments (including GDPR, CCPA and GAPP assessments), privacy impact assessments, policy design and review, and data inventory and lifecycle management. Relevant Experience: Led a privacy program design and implementation for an emerging technology project with US mobile carriers including the design of a the program’s privacy controls framework, development of process flows and narratives for key privacy controls, drafting of procedures, and development of a trust framework for information sharingLed a California Consumer Privacy Act (CCPA) strategy assessment for a global retail brand. Advised client on recommendations for future state operating models, including technology enablement for privacy program automation. Additionally, advised client on a privacy governance model and organization structure to enable consistent privacy management across regions. Performed an enterprise wide privacy risk assessment for a Fortune 50 company focused on identifying existing strengths and weaknesses in the program and overarching governance model, and development of recommendations to bring efficiencies to the program and align program activities to areas of privacy risk including monitoring and testing recommendations.Performed GDPR readiness assessment for a publicly traded entertainment company focused on identification of gaps and areas of misalignment with regulatory requirements, and development of remediation activities and action plan road maps. Advised a global real estate services firm on privacy program design enhancements and implementation, including the development of standards and procedures for systems implementation/deployment, M&A privacy considerations, and data incident management.

Staffed in the Information Management Office at KPMG, focusing on Privacy and Data Loss Prevention (DLP). Responsibilites include: •Oversaw day-to-day operations of firm-wide privacy audits and compliance reviews•Conducted and facilitated audits of key information repositories including internal and external applications, vendors, and processes•Participated in the firm’s annual Privacy Shield recertification processes •Managed individual privacy impact assessments for application and business processes that handle sensitive data•Acted as a specialist in privacy matters providing support to functional and business groups •Participated in the development of privacy training and awareness programs designed to reinforce appropriate data handling practices throughout the organization

Staffed in the Global Privacy Program Management Office (previously, the Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) Consent Order Program Office). Managed projects related to comprehensive, documented assessments of client and employee data/information sharing restrictions for the firm across all regions, as well as privacy compliance for deployment of Employee Surveillance programs. Focus on facilitation of research and legal opinions, as well as communication to lines of business, to ensure local laws and regulatory requirements are met as the bank implemented future-state operating modelsResponsibilities Included: • Development project plans and engagement with corporate Privacy and Global Financial Crimes counsel, including the firm’s Chief Global Privacy Counsel, to facilitate an information sharing and operational off-shoring analysis on a country-by-country basis to determine where cross-border information sharing restrictions exist for the firm and identification of impact to future state operating models for the bank• Facilitated communication amongst relevant parties including workstreams, compliance, legal and lines of business to identify and resolve potential privacy issues that may arise based on the bank’s future state operating models• Worked with external consulting firm to develop recommended enhancements to the firm’s processes and procedures for the monitoring of affiliate and intra-company account transactions. • Developed and drived project plans for remediation and satisfaction of Matters Requiring Attention (“MRA”) issued by the Office of the Comptroller of Currency (“OCC”).• Support for the firm’s Chief Privacy Officer in the assessment of privacy compliance requirements for deployment of an Employee Surveillance Program and updated deliverables required following a gap assessment • Facilitated updates to the firm’s splash screens, regional handbooks and new hire appendices following identification of privacy compliance gaps

Staffed in the Mortgage Banking Litigation group of the Legal department. Managed substantive mortgage banking litigation matters related to Freddie Mac and Fannie Mae, as well as Appellate Matters in the United States Court of Appeals for the Ninth Circuit.Responsibilities Included: • Review of pleadings and adverse claims asserted against the firm to determine and assess potential reputational and/or financial risk. • Identification of business processes and procedures that are potential litigation or reputational risks to the firm. • Retain and coordinate with outside litigation counsel regarding factual assessment of litigation matters as well as case management and strategy. • Assessment of potential settlement options available to the firm.

Oversight of review and production of electronically stored documents in response to discovery requests in Multi-District Litigation. Advise senior management regarding operating procedures and project management protocols. Manage compliance with third party subpoena and Department of Justice documents production requests. • Manage staff of 30 attorneys conducting reviews of electronically stored documents for production in pending Multi-District Litigation. • Draft protocols, guidelines and outlines for claims review, claims escalations and the production of documentation to third parties. • Serve as the liaison between the Gulf Coast Claims Facility and Department of Justice agents for document production and claim information related to criminal investigations.• Work closely with internal general counsel and outside counsel with document production in compliance with third party subpoenas. • Manage a staff of 35 attorneys and accountants conducting review of claims and a staff of 30 attorneys handling claimant escalations and complaints on the largest claims administration in the company’s history.• Coordinate with IT and Systems teams regarding maintenance and updates to project database for claims review and report preparation. • Work closely with the Data Analysis team for production of daily statistic reports for the purposes of claims review and processing of distributions to claimants, as well as public reporting of facility statistics.

Oversight of administration of Chapter 11 Debtor cases from pre-filing through distribution. • Coordinated and oversaw pre-filing preparation, including database set-up and review of data for preparation of Creditor Matrix, Schedules of Assets and Liabilities and Statements of Financial Affairs for large Chapter 11 filings in the Southern District of New York and Delaware. • Implemented and monitored service of motions and notices, including first day motions, bar date mailings and solicitation mailings.• Oversaw claims processing and review. Prepared claims report and assisted with claims reconciliation, including preparation of exhibits for objections to claims.

Litigation experience including Intellectual Property and software piracy actions in Federal and state court. Experience with electronic discovery in Federal and state court litigation. Varied Bankruptcy experience including representation of Chapter 7 and Chapter 11 Trustees, Chapter 11 Debtors and unsecured creditors in Chapter 11 cases. • Defendant in an action regarding alleged piracy of software. Coordinated and managed preservation and production of client’s electronically stored information. Served as the liaison between the firm and outside vendor retained for data management and production. Utilized Concordance and CaseMap in preparation for trial. • Plaintiff in an action for intellectual property infringement. Drafted discovery motions, including requests for production of electronically stored information. Coordinated and managed preservation and production of client’s electronically stored information. Utilized CaseMap in preparation for settlement negotiations• Chapter 7 Trustee in several actions for fraudulent conveyances, preferential transfers and turnover of assets. Drafted compliant, discovery demands and motions for summary judgment. • Chapter 11 Debtor. Drafted First Day motions including motion for use of cash collateral and motion for authorization for Debtor to obtain post petition financing.