Projects with Other Consultancies                              
Prior to owning her own business, Rebecca was the Vice President – Privacy Services and internal Chief Privacy
Officer at DelCreo, Inc. for two years. Some of Rebecca’s responsibilities and experiences there included the
following:
  • Developed the organization’s corporate-wide privacy policy and created the roll-out strategy and plan to ensure all
    management were aware of their responsibilities and that personnel knew, understood and followed the privacy policies and
    procedures. Included training and awareness covering applicable laws and regulations.
  • Developed, implemented and managed the DelCreo privacy governance program which included controls to reduce privacy
    risks and to ensure appropriate access controls based upon job responsibilities.
  • Met and communicated regularly with corporate leaders and management to explain information privacy and security objectives
    and obtain their support and commitment for information privacy and security activities, technologies and policies.
  • Developed the strategy and methodology to integrate privacy standards into e-commerce applications for a large
    Fortune 50 multi-national organization.
  • Created the privacy awareness and training strategy and implementation plan for large multinational Fortune 50 and 500
    organizations.
  • Created information security and privacy policies, standards and procedures for multiple Fortune 500 organizations.
  • Analyzed the business associate contracts for a major Fortune 50 manufacturer and identified privacy risks and concerns and
    recommended ways to address the risks.
  • Developed and continue to deliver a two-day “Managing a Privacy Governance Program” workshop for the Computer Security
    Institute.
  • Performed Privacy Impact Assessments (PIAs) for large multinational Fortune 50 and 500 technology organizations and for a
    large multinational Fortune 500 healthcare and financial services organization.
  • Identified all personally identifiable information (PII) within multiple large multinational Fortune 50 and privately owned
    organizations and created PII inventories.
  • Created approximately 1000 standards statements, mapped to ISO 17799 and applicable U.S. and international laws and
    regulations, to support the information security policies for a large Fortune 50 multinational services organization.
  • Created the information security and privacy education effectiveness baseline and evaluation methodologies for a large
    Fortune 50 multinational services organization.

Prior to DelCreo, Rebecca was Chief Privacy Officer and Senior Security Architect for QinetiQ Trusted Information
Management, Inc. (Q-TIM) where she had worked since the inception of the company as Securus in November of 2001.

Prior to joining Q-TIM, Rebecca was the Global Security Practice Central Region Security Subject Matter Expert for 2 years at Netigy
(which became ThruPoint in September 2001). Some of Rebecca’s responsibilities and experiences at these organizations included
the following:
  • Performed a financial security and privacy regulatory requirements policies gap analysis and risk assessment for a large west
    coast bank and mortgage client.
  • Performed a Health Insurance Portability and Accountability Act (HIPAA) gap analysis and risk assessment for a large
    technology services vendor and their large state government client. Among the involved tasks, performed policies and
    procedures review and vulnerability assessment to identify gaps with HIPAA requirements. Created a HIPAA remediation plan
    for closing gaps and complying with HIPAA regulations.
  • Provided guidance, example policies and an analysis of risks involved with handheld computing devices at the request of U.S.
    Air Force generals at the Air Force Research Lab in Dayton, Ohio for handheld device and PDA security.
  • Created the organization’s corporate-wide privacy policy and created the roll-out strategy and plan to ensure all management
    were aware of their responsibilities and that personnel knew, understood and followed the privacy policies and procedures.
  • Created information security policies, standards, procedures and guidelines for a large Fortune 100 multinational
    manufacturing organization.
  • Created information security training module content for a large Fortune 100 multinational manufacturing organization.
  • Performed corporate vulnerability assessments for a number of organizations, including the State of Iowa and a multimedia
    entertainment organization.
  • Created executive information security standards and procedures for a large multinational professional services organization.
  • Created information security standards to support existing information security policies for a major multinational professional
    services organization.
  • Reorganized and updated information security policies, procedures and standards for a large multinational
    Fortune 100 manufacturing organization.
  • Created an information classification architecture and implementation process for a large multi-national communications
    company.
  • Created comprehensive privacy awareness and training roadmap, implementation strategy, and supporting curriculum for a
    large multi-national Fortune 50 organization.
  • Created web site privacy policies along with a privacy implementation methodology for a west coast based organization.
  • Created privacy standards to be integrated into e-commerce applications for a Fortune 50 multi-national organization.
  • Created a comprehensive set of HIPAA security and privacy policies and corresponding quiz questions, in addition to
    compliance self-assessment and gap analysis tools, white papers and executive overviews, for NetIQ to use within their VPC
    system.
  • Created a comprehensive set of 21 CFR Part 11 policies and corresponding quiz questions, in addition to compliance self-
    assessment and gap analysis tools, white papers and executive overviews, for NetIQ to use within their VPC system.
  • Created FDA 21 CFR Part 11 compliant standards for a major multi-national pharmaceutical corporation.
© 2014 Rebecca Herold & Associates, LLC.  All rights reserved.