Projects with Other Consultancies

Prior to owning her own business, Rebecca was the Vice President – Privacy Services and internal Chief Privacy Officer at DelCreo, Inc. for two years. Some of Rebecca’s responsibilities and experiences there included the following:
- Developed the organization’s corporate-wide privacy policy and created the roll-out strategy and plan to ensure all
management were aware of their responsibilities and that personnel knew, understood and followed the privacy policies and procedures. Included training and awareness covering applicable laws and regulations.
- Developed, implemented and managed the DelCreo privacy governance program which included controls to reduce privacy
risks and to ensure appropriate access controls based upon job responsibilities.
- Met and communicated regularly with corporate leaders and management to explain information privacy and security objectives
and obtain their support and commitment for information privacy and security activities, technologies and policies.
- Developed the strategy and methodology to integrate privacy standards into e-commerce applications for a large
Fortune 50 multi-national organization.
- Created the privacy awareness and training strategy and implementation plan for large multinational Fortune 50 and 500
organizations.
- Created information security and privacy policies, standards and procedures for multiple Fortune 500 organizations.
- Analyzed the business associate contracts for a major Fortune 50 manufacturer and identified privacy risks and concerns and
recommended ways to address the risks.
- Developed and continue to deliver a two-day “Managing a Privacy Governance Program” workshop for the Computer Security
Institute.
- Performed Privacy Impact Assessments (PIAs) for large multinational Fortune 50 and 500 technology organizations and for a
large multinational Fortune 500 healthcare and financial services organization.
- Identified all personally identifiable information (PII) within multiple large multinational Fortune 50 and privately owned
organizations and created PII inventories.
- Created approximately 1000 standards statements, mapped to ISO 17799 and applicable U.S. and international laws and
regulations, to support the information security policies for a large Fortune 50 multinational services organization.
- Created the information security and privacy education effectiveness baseline and evaluation methodologies for a large
Fortune 50 multinational services organization.
Prior to DelCreo, Rebecca was Chief Privacy Officer and Senior Security Architect for QinetiQ Trusted Information Management, Inc. (Q-TIM), where she had worked since the inception of the company as Securus in November of 2001.
Prior to joining Q-TIM, Rebecca was the Global Security Practice Central Region Security Subject Matter Expert for 2 years at Netigy (which became ThruPoint in September 2001). Some of Rebecca’s responsibilities and experiences at these organizations included the following:
- Performed a financial security and privacy regulatory requirements policies gap analysis and risk assessment for a large west
coast bank and mortgage client.
- Performed a Health Insurance Portability and Accountability Act (HIPAA) gap analysis and risk assessment for a large
technology services vendor and their large state government client. Among the involved tasks, performed policies and procedures review and vulnerability assessment to identify gaps with HIPAA requirements. Created a HIPAA remediation plan for closing gaps and complying with HIPAA regulations.
- Provided guidance, example policies and an analysis of risks involved with handheld computing devices at the request of U.S.
Air Force generals at the Air Force Research Lab in Dayton, Ohio for handheld device and PDA security.
- Created the organization’s corporate-wide privacy policy and created the roll-out strategy and plan to ensure all management
were aware of their responsibilities and that personnel knew, understood and followed the privacy policies and procedures.
- Created information security policies, standards, procedures and guidelines for a large Fortune 100 multinational
manufacturing organization.
- Created information security training module content for a large Fortune 100 multinational manufacturing organization.
- Performed corporate vulnerability assessments for a number of organizations, including the State of Iowa and a multimedia
entertainment organization.
- Created executive information security standards and procedures for a large multinational professional services organization.
- Created information security standards to support existing information security policies for a major multinational professional
services organization.
- Reorganized and updated information security policies, procedures and standards for a large multinational
Fortune 100 manufacturing organization.
- Created an information classification architecture and implementation process for a large multi-national communications
company.
- Created comprehensive privacy awareness and training roadmap, implementation strategy, and supporting curriculum for a
large multi-national Fortune 50 organization.
- Created web site privacy policies along with a privacy implementation methodology for a west coast based organization.
- Created privacy standards to be integrated into e-commerce applications for a Fortune 50 multi-national organization.
- Created a comprehensive set of HIPAA security and privacy policies and corresponding quiz questions, in addition to
compliance self-assessment and gap analysis tools, white papers and executive overviews, for NetIQ to use within their VPC system.
- Created a comprehensive set of 21 CFR Part 11 policies and corresponding quiz questions, in addition to compliance
self-assessment and gap analysis tools, white papers and executive overviews, for NetIQ to use within their VPC system.
- Created FDA 21 CFR Part 11 compliant standards for a major multi-national pharmaceutical corporation.