SUMMARY:

Attorney and IT security, risk and compliance strategist with over 17 years of experience working across a variety of sectors at mid - to large-cap entities with complex business and technological environments. Specialist in process improvement, strategy and planning, and implementation and leveraging of technologies to improve organizational performance and mitigate risk. Expert consensus builder with extensive experience conducting enterprise-wide risk assessments and leading large, organizationally diverse working groups. Significant experience managing legal, risk, IT and business projects, including communications with C-level suite, and involving multi-billion-dollar liability.

EXPERIENCE:

Confidential, Camden, NJ

Consultant - IT, Legal, Privacy and Risk

Responsibilities:

• Serving as primary consultant to drive compliance effort for the California Consumer Privacy Act (CCPA), which will serve as a framework for future privacy, data protection, data governance and vendor management initiatives.
• Conducted enterprise-wide privacy and data protection/information security risk assessment (for CCPA and related NYDFS cybersecurity regulation) across 35 IT, business and legal functions, as well as related data mapping of over 300 applications/systems and 450 vendors, gap analysis and risk remediation.
• Developing process and technical solution options for all requirements under CCPA for IT and legal leadership consideration.
• Prepare all C-suite level communications and presentations and act as point-of-contact for all legal, IT and business stakeholders.

Confidential, Boston, MA

PMO Global Applications Program Manager

Responsibilities:

• Managed global operational team composed of attorneys, risk managers and information security managers and SMEs charged with remediating legal and business risks and establishing related governance for global applications, including, but not limited to, Google (including applications, APIs and extensions), Salesforce (CRM), Eloqua (marketing automation) and Workday (human capital), financial management, risk & independence, and reporting and analytics solutions, being implemented across 157 countries and 250,000+ employees with a $200M budget.
• Managed team efforts covering, but not limited to: risk, governance and controls frameworks; information risk assessments; GDPR, data privacy and data protection (including impact assessments); data sovereignty, state secrecy laws, local laws and banking laws; data strategy; and eDiscovery, data archiving and data retention.
• Responsibilities included, but were not limited to: serving as team point-of-contact with global PMO leadership; presenting to/educating global business, project and risk communities; drafting risk inventories, baseline controls and communications for global distribution; creating qualitative and quantitative reporting; reviewing business rules; issue and risk tracking and management; developing incident response protocol; post-implementation BAU development; JIRA oversight; and triage of issues raised by global member firms.
• Spearheaded effort to streamline team operations, including strategy development, creating short- and long-term roadmap, refining reporting, roles and responsibilities and implementing organizational efficiencies.

Confidential, Newark, NJ

Consultant - Security, Privacy and Risk

Responsibilities:

• Advised enterprise on GDPR technology compliance, including Right to Data Access and Rectification, Right to Erasure, Right to Data Portability, data protection (Privacy by Design, encryption, anonymization, pseudonymization), data mapping (including data integrations) and archiving.
• Provided guidance regarding enhancement of information management and privacy risk and control self-audit processes (including gap analysis and requirements gathering) for related business and IT operations.
• Conducted and enhanced Privacy Impact Assessments, as well as inventory and business process assessments.
• Conducted research concerning NYDFS Cybersecurity Regulation, privacy and information management law, data breaches and SLDC process improvements.
• Advised on information management and privacy documentation and processes regarding PII and PHI (HIPAA Privacy Rule) to build project-based businesses cases for executive HR, Legal and IT review.
• Provided strategic guidance on development of global records management program.
• Charged with assisting with application and vendor risk assessments, including potential acquisition of new, global Human Capital Management (HCM) ERP application (Workday).

Confidential, Boston, MA

Consultant - Legal and IT Strategy & Delivery

Responsibilities:

• Served as strategy, planning and solution delivery lead and business relationship owner for Law Department and Medicare and Commercial Insurance LOBs’ technological implementation portfolio (on-premise and SaaS) in Agile and Waterfall environment.
• Oversaw $8M budget and staff of architects, business analysts, project managers, QA and UAT testing leads, and technical SMEs in matrix environment to ensure timely and quality delivery of all project and portfolio requirements.
• Managed IT solution strategy, change management, future release management, PMO reporting and governance, total cost of ownership, risk identification and mitigation, and application governance for Symantec/Veritas Clearwell (eDiscovery), ikaSystems (Medicare enrollment verification), MedHOK (Medicare, Pharmacy, Commercial and Provider LOB appeals and grievances), Connecture (insurance plan retiree management), and Compliance Data Storage technology solutions.
• Managed all phases of SDLC for all assigned solution implementations and served as primary liaison with infrastructure teams (i.e., Architecture, Data Center, DR, Networking, Service Desk, Storage, etc.) to manage all technical components of assigned projects.
• Served as primary liaison with Information Security and Privacy groups regarding IT, vendor and application risk assessments.
• Managed relationships (including SOWs and RFPs) with hardware, software, on-shore and off-shore support (Cognizant, HP, IBM and Proficient) and implementation vendors.
• Directed management efforts of master project, change management, documentation and training plans as well as RAID, RACI and internal reporting that involved the interaction of nineteen legal, business and IT units and high-level leadership.
• Served as chief litigation data lifecycle management strategist charged with creating from scratch enterprise-wide operations for entire litigation and internal/external investigation portfolio, including development and documentation (reporting, SOPs, workflows, diagrams, etc.) of all eDiscovery and forensic processes.
• Acted as primary litigation data management advisor for senior, in-house counsel and liaison with outside counsel regarding all aspects of the identification, preservation, collection (email, file shares, remote targets, etc.) review, analysis and production components of the EDRM.
• Directed operational team overseeing Law Department structured and unstructured records and data management, data mapping/migration and data/program/application governance for all compliance, investigative, legal and regulatory matters, including multi-billion dollar antitrust litigation involving over 900 legal hold custodians and thirty Blue Cross member plans.
• Assessed corporate records and information lifecycle management, information security, IT, and privacy (PHI and PII) policies to ensure effectiveness, efficiency and defensibility of practices as they relate to regulatory, compliance and legal information governance practices.
• Advised key stakeholders on implementation and governance of enterprise-wide (5,000+ users) SharePoint rollout (replacement for HP Worksite), implementation of WORM repository for secure legal and regulatory data storage and IAM provisioning reduction efforts for legal- and investigation-related data sources.
• Drafted HIPAA Incidental Use and Disclosure/Minimum Necessary Policy for legal data management operations.

Confidential, Minneapolis, MN

Consultant - Security, Information Management and eDiscovery

Responsibilities:

• Authored enterprise-wide (legal, compliance, internal audit, IT, regulatory, engineering, forensics, human resources, tax, finance, and sales and marketing departments), domestic and international information lifecycle management and information governance risk analysis for presentation to executive legal and IT management.
• Created and managed project plan to address identified risks, including, data management cost containment, information lifecycle management, information governance oversight process, design, acquisition and delivery of technological solutions; enhancement of data management process documentation; management of enterprise data stored with third-party vendors; creation of structured and unstructured data map; international PCI and PII compliance and related privacy issues for retail operations; and implementation of policy governance committee and associated operating standards.
• Drafted master information security policy and supplement to information security policy to govern employee use of technology (including managed, personal and mobile devices and storage) within enterprise to reduce legal and IT risk.
• Drafted new Information Management Policy and Information Management Standards.
• Created process and documentation related to rollout of new electronic communication policy, including policy language, standards and policy exception process.
• Created litigation-related data map covering structured data and unstructured data sources.
• Created enhanced legal data management process for identification, preservation and collection phases of EDRM (for structured and unstructured data).

Confidential, Richfield, MN

Consultant - IT, eDiscovery and Information Management

Responsibilities:

• Chairman of enterprise-wide, information governance task force, composed of representatives from employment and commercial litigation, information and records management, forensics/information security, Canadian legal, tax, enterprise architecture, information governance, messaging/mobile device, privacy and information law business units, charged with anticipating, identifying, and remediating eDiscovery and information lifecycle management issues facing enterprise.
• Advised IT, legal and tax leadership regarding the regarding physical and electronic data management for multi-billion dollar, 1,400 custodian, 200+ matter-per-year environment to create cost-effective, streamlined, defensible, and repeatable processes.
• Served as chief strategist and liaison with enterprise and solution architects, project managers, business and data analysts, and technology SMEs to deliver over twenty-five strategic data management portfolio solutions and related governance, and spearheaded creation of a litigation-related, content management data map involving over 1,100 structured and unstructured data sources.
• Provided risk analysis concerning implementation of cloud data storage, BYOD (Bring-Your-Own-Device), VDE (Virtual Desktop Environment), Mobile Device Management (AirWatch, BES) and Microsoft O365/Exchange 2010 within 160,000+ user environment, and advice concerning an array of policies and standards, including confidentiality, email and communications, information and records management, and privacy (EU Safe Harbor, PCI, PHI and PII).
• Researched and co-drafted enterprise-wide BYOD policy and related Stored Communications Act and Computer Fraud and Abuse Act compliance acknowledgement agreements and revised/redrafted Records Management and eDiscovery SOPs, workflows, diagrams, etc.
• Developed enterprise-wide structured data content hold management program and associated data mapping (including PCI, PII and PHI) to ensure complete audit trail of all activities performed by legal/tax department, enterprise architecture, forensics team, and records management office.
• Managed initiation, concept development, planning and requirements analysis phases of SDLC for acquisition and oversaw vendor analysis, creation of RFP, and potential acquisition of enhanced technology solutions for law, information security and tax departments, including data migration from existing technological platforms.
• Acted as primary eDiscovery liaison with outside commercial litigation counsel and support contractors (Accenture and PwC).
• Key member of strategy team directed with creating and managing development of backend SharePoint functionality (i.e. workflows, notices, templates, databases, etc.) for Legal Department, implementation of legal matter management and e-billing tool and associated data migration from legacy system (Wolters Kluwer Passport), and replacement of enterprise-wide email archiving system (HP-RISS), including multi-petabyte data migration.