Significant Accomplishments:
• For a large retailer needing to obtain CCPA Compliance quickly, managed the completion of the GAP analysis and assessment and wrote the final report, managed the team that produced the processes for implementation by the client, and worked to define and vet the architecture documents and process flow. Also heavily involved in architecting OneTrust, and in it’s interaction with the data discovery tool.
• For a Global Retailer, managed 3 professionals in a 2 month project the performed a GDPR gap analysis of two web platforms and three mobile apps, identifying approximately 50 gaps and remediation steps, and coordinated remediation efforts with vendors to assist in fixing the issues. Identified the need for Access Certifications in areas where the client had not previously utilized them. Reviewed Data Processing Addendums for processors and recommended controls. Evaluated the controls for a social media processor and made recommendations, and prepared a Summary of GDPR Controls Implemented.
• Led a small Team and Created an Encryption Compliance and Key Management Strategy and Presentation, a support document, and an encryption compliance standards document for a large insurance firm looking for direction in complying with GDPR/NYDFS. This gave them a strategy to enable them to prove to a regulator after a breach that the data stores in question were encrypted, if indeed they were, and that a Centralized Key Management System was in place to ensure that the keys did not go out with the data, if indeed it was.
• Performed, for a business services company, a maturity and risk assessment against NIST CSF using CISv7 for a SOC 2 engagement. Gave them what they needed to improve their security posture, and to support and augment, where needed, their SOC 2 controls.
• Recently BISO, Regional CISO for The Americas, for an Insurance Broker, concentrating on compliance in HIPAA, Privacy Shield, NYDFS, GDPR, and implemented a DLP system. Began implementing the CIS Security Controls Framework. Enabled them to become Privacy Shield compliant within a few months by implementing the needed processes and controls, including Third Party Agreements / Data Protection Addendums.