Rosa O. Email and Phone Number

Guide and support cross-functional teams on Artificial Intelligence (AI) initiatives, data governance, cybersecurity, and privacy, providing strategic legal counsel on regulatory compliance, ethical considerations, and best practices, for leading international fintech organization.• Serve as primary legal counsel for Artificial Intelligence initiatives, data governance, cyber security, and privacy issues.• Guide cross-functional teams in launching AI-driven projects, ensuring alignment with applicable regulations and best practices.• Spearhead updates to the company’s privacy and cybersecurity programs, ensuring compliance with evolving U.S. and EU regulations.• Develop and implement internal legal guidelines to standardize practices for data processing and privacy compliance across the organization.• Monitor and analyze global privacy laws and evolving regulations, updating internal policies, forms, and agreements to maintain compliance. • Collaborate with cross-functional teams to design and implement controls for data environments supporting global products and services.• Draft, negotiate, and review third-party data processing agreements, as well as vendor contracts, balancing legal requirements with commercial priorities.

Manage data privacy, cybersecurity, and compliance projects, as well vendor and client contracts, for the leading aerospace insurance partner to Fortune 500 companies and emerging technologies in the US, UK, EU, Latin America, and Canada.• Proficiently oversee the lifecycle of vendor and client contracts, from meticulous review to strategic negotiation and drafting, encompassing MSAs, NDAs, Memorandum of Understandings, Statements of Work, Data Processing Agreements.• Lead a cross-functional team in the implementation of a comprehensive data privacy program, overseeing data mapping, privacy impact assessments, and compliance with regulatory frameworks such as CCPA, CPRA, GDPR, PIPEDA, GLBA, NYDFS Part 500, ISO/IEC 27001, and NIST.• Successfully manage the development and deployment of a vendor risk management system, coordinating efforts across legal, IT, and marketing departments to ensure legal compliance.• Support and guide Cybersecurity and IT in implementing automated data mapping tools to streamline the process of identifying and classifying sensitive data, such as Microsoft Azure Purview and OneTrust.• Collaborate closely with product development team to integrate privacy-by-design principles into new customer-facing portal features, ensuring regulatory compliance and enhancing user trust.• Evaluate privacy-enhancing technologies, including enhanced multi-factor authentication, in collaboration with IT, Cybersecurity, and Marketing Departments.• Develop and update privacy policies and notices, including privacy notices at point of collection, ensuring alignment between marketing strategy and regulatory requirements.• Perform economic sanctions screening and develop export controls, anti-bribery, anti-competition, and whistleblowing policies and procedures. • Manage corporate secretarial duties, including maintaining corporate records, preparing Board resolutions and minutes, and ensuring compliance with corporate governance standards.

Managed privacy risk assessments projects and internal audits for the largest municipal healthcare system in the United States, collaborating with cross-functional teams to achieve program goals. Ensured compliance with HIPAA, HITECH, NYS MHL, FCA, AKS, Stark, as well as Fraud, Waste, and Abuse policies.• Led a cross-functional team to conduct a comprehensive review of existing privacy policies, procedures, and practices, identifying areas for optimization and implementing workflow enhancements that resulted in a 15% reduction of privacy incidents.• Guided review and enforcement of vendor contracts related to privacy and security, ensuring protection of personally identifiable records.• Oversaw data governance, including requests for records involving privacy issues.• Led corrective action plans, NIST framework implementation, and compliance training initiatives.• Investigated complex privacy incidents and determined whether breach notifications were required.

Advised business leaders on privacy and compliance matters. Conducted privacy impact assessments and developed mitigation strategies.• Created privacy programs and mitigation strategies, including helping to define, update, maintain, and enhance privacy compliance program requirements.• Conducted risk assessments of existing and new business processes to mitigate risks.• Developed, drafted, and implemented incident response plans and compliance strategies.

Led cross-functional teams in the development and implementation of compliance program, including the development and implementation of complex policies related to privacy, consumer protection, and complex litigation for non-profit organization responsible for the state distribution of federal pandemic recovery funds under the American Rescue Act.• Guided stakeholders from different departments with respect to data governance matters, including emerging legal issues, ensuring program compliance with regulations.• Led cross-functional team in compliance reviews of organizational processes, risk assessments, and development of mitigation strategies.• Researched and implemented policies and procedures related to privacy, consumer protection, and complex litigation. • Reviewed and drafted contracts, policies, memoranda, media releases, and transactional documents. • Responded to legal requests and communicated with regulatory authorities.• Trained team members on procedural safeguards and compliance measures.

Created, led, and managed a multi-state law practice, with expertise in the areas of consumer protection, regulatory compliance, contracts, and litigation. In-depth knowledge of consumer rights, the Fair Debt Collection Practices Act (FDCPA/Reg. F), Fair Credit Reporting Act (FCRA/Reg V), TILA (Reg. Z), NJ Consumer Fraud Act, bankruptcy laws, and additional federal and state consumer regulations. • Nine years of experience in consumer protection, project management, compliance, risk management, litigation, and contracts. • Achieved favorable settlements and won dismissals by leveraging claims based upon consumer protection laws, contracts, FCRA, FDCPA, NJ Consumer Fraud Act, and privacy incidents.• Provided legal consultant and e-discovery services, including document review, records management, records disclosure, and the preservation of privilege and confidentiality.• Collaborated with Essex-Newark Legal Services, Legal Services of New Jersey, and Central New Jersey Legal Services in providing pro bono services to vulnerable consumers.