Suzette Corley - Cipm, Cdpp Email & Phone Number

• KirkpatrickPrice is a licensed information security CPA firm, a PCI QSA, and a HITRUST CSF Assessor, providing assurance services to over 1,000 clients in 48 states, Canada, Europe, Asia, and more. Registered with the.
• Conduct comprehensive Privacy Audits including GDPR, CCPA, SOC 2 Privacy, and HIPAA Privacy Rule compliance.
• Utilize a company-developed tool, Online Audit Manager, effectively securely managing client documents.
• Collaborate with clients to identify and comply with relevant regulatory requirements, thereby mitigating the risk of non-compliance fines.
• Ensure efficient and minimally disruptive examination processes, aligning with professional guidelines.
• Guide and educate clients throughout engagements, fostering assurance in their privacy and compliance efforts.

• Conduct audits of business units and identify if business practices, or absence of practices, present significant regulatory, ethical, or legal compliance risks.
• Identify compliance deficiencies and areas of risk within business units and work and develop and implement risk mitigation plans.
• Partners with Internal Controls, Internal Audit, and Enterprise Risk Management to manage risk from internal and external sources.
• Develop Diversity and Inclusion privacy considerations for business products and service development to ensure customer/consumer/employee rights are incorporated.
• Act as the face of the company to consumers, state insurance departments, and other regulators during privacy inquiries.
• Develop relationships with key stakeholders in business units to effectively respond to consumers and regulators within the exam or inquiry timeline.

• Created strategy to implement, develop controls framework, and carry out CCPA to compliance for January 1, 2020, effective date.
• Establish, implement, and maintain procedures and processes to effectively manage privacy activities, while ensuring compliance with regulations. Assess issues and manage implementation of process improvements ensuring.
• Establish and maintain strong relationships with business stakeholders across the organization to convey security and privacy requirements and maintain knowledge on data collection and use cases. Identify and manage.
• Collaborated with internal and external stakeholders to evaluate and drive a privacy plan that maximizes value and minimizes risk.
• Partner with management in leading the development of ongoing compliance monitoring of external vendors and third parties, to ensure appropriate controls are in place to protect personally identifiable information and.
• Monitor and advise stakeholders across the organization on changes to state, federal and international privacy laws, and accreditation standards (e.g., Japan’s APPI, CCPA, GDPR, New York, and others) to ensure impacted.

Greater Atlanta Area

• Led the work to stand up the GDPR control framework for the UK region. In conjunction with consultants completed an assessment, analyzed the gaps, created solutions to address those gaps, and implemented those.
• Created a strategy in preparation for CCPA that included individual rights processing, policy management, and training to meet CCPA requirements.
• Produced a Data Protection Strategy which set out the organizational process, policy, and cultural changes needed to enable a successful and lasting transition of GDPR into Business as Usual.
• Drove the analysis and impact assessment of the GDPR in the US, including assessment of the data estate; business and system impact assessments, and identifying grounds for processing data.
• Embedding Privacy by Design into architecture and Privacy Awareness into company culture; incorporating Privacy Impact Assessments (PIA) into the approvals process; updating Privacy Notices and 3rd Party contract.
• Analyze and advise on privacy-enhancing technologies such as OneTrust.

• Served as the privacy subject matter expert (SME) and reported directly to the Global Privacy Officer.
• Collaborated in the development and implementation of a global privacy program from scratch to include incident response training, procedures, monitoring, controls, risk mitigation planning, and other program elements.
• Led key initiatives and activities related to privacy governance to establish solutions that integrate privacy requirements with business priorities.
• Conducted and developed Privacy Impact Assessment Procedures, Privacy Inbox Procedures, and Employee Privacy recommendations.
• Led UPS in driving awareness and accountability throughout the organization by creating a Global Privacy and Information Security Training Awareness Program that led to greater business transparency while reinforcing.
• Provided project management for work streams that were created as a result of Steering Committee directives.

Bs, Management

Aas, Legal Studies/Paralegal (Aba Approved)