
Security Information, Compliance, Data Privacy and Data Governance

Location: Danville, CA
Salary: 225000
Posted: February 10, 2021


SKILLS

Data Privacy Assessments
Governance Policies
Data Privacy Program Development
GDPR / CCPA Readiness
Website Compliance / Cookie Consent
Data Handling Policies / Procedures
Data Subject Rights Management
Data Inventory & Mapping
Vulnerability Management
TrustArc / GRC (ZenGRC)
SOC 2 Audits
Regulatory Assessments
Data Privacy Technology Enablement
Binding Corporate Rules (BCR) / Privacy Shield
Cloud Security

EXPERIENCE

Chief Compliance Officer & Chief Information Security Officer
Ripcord, Hayward, CA / July 2018 – June 2020

Evaluate, plan and deliver compliance and risk solution options and bundled service offerings for protecting the value and use of the client’s information in alignment of records using robotic process automation, AI and machine learning. Enable compliance enforcement, security and data privacy controls across the business environment. Build and deliver compliance, data privacy and security solutions across industry regulations and compliance frameworks for HIPAA, HITRUST, GDPR, CCPA, FISMA/FedRAMP, PCI-DSS, ISO 27001, SOC2, CJIS, PEN tests etc.

• Compliance/Governance Policies: Develop roadmap, support documentation, action plan, policies, procedures, vulnerability management, data protection, incident & breach notification etc.

• Security Operations: Data Protection, Network Security, Endpoint Security, Access Controls, Encryption, Threat Monitoring, Vulnerability Management, Security Analytics, Behavior Analytics (UEBA), BIA, DR/BCP

• Product Security: Secure SDLC, Application Security, Threat Modeling, WAF, OWASP, PEN Testing

• Security Policies: Organizational Security and Compliance Policies (Information Security Program, BCP/DR, Data Retention & Disposition, Access Controls, Data Classification, IT Asset Management, Breach Response, Incident Management)

• Audit Facilitation and Contract Support: Coordinate and initiate internal and external audits. SOC 2, GDPR, CCPA, Vendor Management, Service Level Mgmt.

• Security Reporting: NIDS, HIDS, FIM, AV/Malware, SOCaaS, Threat Intelligence, DLP, GRC, Endpoint Detection and Response, Patch Management, Change and RCA.

• Security Training: Security Awareness Training, Secure Coding Training, Data Privacy Training, Phishing Campaigns and Simulation

• Data Privacy: GDPR, CCPA Gap Assessment and Remediation, PIA, DSAR/Consent Mgmt., Vendor Risk, Data Inventory/Data Flows, Cross-Border Transfer, Policy/Notice Management.

Consultancy: Data Privacy, Information Governance and Compliance
Hitachi, San Jose, CA / Jan 2018 – July 2018

Assess data privacy (GDPR) impact on current state data handling practices, policies and procedures

• Review requirements and applicability

• Identify gaps, areas of risk (PIA, PBD, Incident Response, Breach Notification, Data Handling Practices)

• Develop roadmap, action plan, policies, procedures, standards and best practices

• Direct data protection initiatives and define requirements, including data loss prevention, access controls, encryption, incident response, breach response & notification processes.

• Partner with lines of business, marketing, legal, information security, products & services, procurement, fraud, risk, business continuity, DR and other functions to identify, track, manage and protect organizational information assets.

Data Map

• Prepare a high-level summary of what personal data business environment systems hold

• Document where the data flows, develop data management & data governance framework

Privacy Impact Assessment, Notices, Consent, Code of Conduct and Cross Border Transfer

• Assess risk for specific areas, systems or projects

• Review and align with Enterprise Risk Framework

• Model clauses, unambiguous consent and BCRs

• Identify and mitigate risks and evaluate legal and regulatory developments. Define compliance requirements and supervise the development and revision of policies, procedures and guidelines

• Developed data privacy and information data security policy, compliance and governance strategy. Privacy by design and data protection from the inside out. Breach response and remediation. Risk mitigation and netvalue@risk reduction roadmaps.

EDUCATION

Master’s in Electrical Engineering
Villanova University, Pennsylvania

Video Blog
Secure Success: Maintaining Security & Compliance Standards

PRASAD YENIGALLA
Data Privacy / Governance / Security / Risk / Compliance
925-***-****
adj3bh@r.postjobfree.com
San Francisco, Bay Area (East)
linkedin.com/in/prasad-y

PROFESSIONAL PROFILE

Solution-driven, execution-focused risk, data privacy, information security, compliance and governance professional. Program developer with keen understanding of legal regulations, privacy concerns, technical security issues, emerging technology and their intersections. Adept at communicating effectively with experts from all departments including legal, security, sales, engineering and product teams. Align practical risk mitigation with business objectives and foster a risk-conscious corporate culture.

Strategy & Leadership: Work closely with business leadership to understand risk, compliance and governance needs and deliver solutions aligned with business needs, customers and emerging trends.

Compliance, Security & Data Privacy: Expert in leading risk management initiatives with keen program management skills to develop and implement critical data privacy and security control frameworks: GDPR, CCPA, SOC2, PCI DSS, ISO 27001, SCF, HIPAA/HITRUST, NIST SP 800-53, Vendor Risk Mgmt.

Enterprise Risk Management: Documented success in developing and implementing strategic, comprehensive enterprise IS and IT risk management programs that ensure integrity, confidentiality, availability, privacy and security of the organization’s owned and controlled information and data.

Business Critical Initiatives: Drive establishment of privacy risk management, privacy tech enablement, regulatory assessments, industry-specific solutioning.

SECURITY & DATA PRIVACY

Security Operations
Data Security / Encryption
Endpoint Protection
DLP/EDR/UEBA
Application & Network Pen Tests
Network Security
Security Monitoring
Compliance Monitoring
SSO & MFA
Vendor Risk Management
Privacy Impact Assessments (PIA)
Privacy by Design (PBD)
Incident Response/Breach Notification
Manage Compliance Reporting
Industry-Specific Solutioning

WORK STATUS

USA Citizen (Authorized to work for any employer)

EXPERIENCE (continued)

Global Security Program Director, Medical Device Security & Data Privacy
Philips Medical Devices, Pleasanton, CA / July 2015 – December 2017
Industry: Lifesciences - Medical Device Security and Data Privacy Compliance

Resolved data security, privacy and regulatory compliance issues related to medical device operations

• Managed DoD RMF program to implement security controls to achieve DoD Federal agency ATO packages for Philips medical devices, radiology PACS, EMR, clinical applications & analytics

• Develop Information Protection Policies to address PHI, PII, HIPAA and appropriate security measures and controls (PAM, End Point Protection, Encryption, Security Analytics, Access Controls, etc.) as risk mitigation strategy.

• Determine deployment solution, PoC testing, Roll-out to install base. Ensure compliance with government regulations around data security and data privacy.

• Developed procedures for Privacy Impact Assessments, Privacy by Design and privacy policies in line with industry standards and regulations.

• Developed strategy and led data privacy (HIPAA & GDPR) assessment and implementation into operations, supply chain governance and processes in light of the changing regulatory landscape in data handling practices.

• Enhanced program integration and privacy risk awareness.

• Oversee the development, review, documentation and implementation of complex filters, rules and event identification routines.

• Regulatory process implementation – regulatory affairs support, complaints and inquiries handling, data subject rights request response, consent tracking, etc.

• Translate high-level requirements into executable project plans and build workflows to fit the specific parameters of the project – from proven, out-of-the-box methods to custom to meet the business model.

Director, Cybersecurity Project Services

Pacific Gas & Electric, San Ramon, CA / July 2008 – May 2015

• Led the development of Integrated Cyber Security and ITSM Program to improve IT security maturity.

• Established framework and security structure for PMO and RMO: tracking overarching security initiatives.

• Measured risk reduction and capability enhancements based on defined key metrics and milestones.

• Build Security Dashboard visibility to monitor open security incidents, unpatched vulnerabilities, policy violations, brute force attacks, DDoS, reconnaissance activity, system exploits etc.

• Established and successfully implemented operational transformation, service integration, cloud security, infrastructure transformation, data center consolidation and transformation. SLA/OLA, BIA and DR activities.

Sr. Director, Enterprise Risk Management

Samsung, Santa Clara, CA / February 2002 – May 2008

• Responsible for security solutions at a Global Level. Led evaluation, design, planning, implementation, roll-out of critical security solutions and controls.

• Built high performance and focused cross-functional (100+) members in a complex global environment.

• Implemented Enterprise Security Transformation Services supporting infrastructure security, application security, Vulnerability and Threat Management and Monitoring.


PROFESSIONAL DEVELOPMENT

Certified ITIL Foundation in IT Service Management
Certified ITIL Practitioner Expert in IT Service Management
Certified ISO 27001 Lead Implementer

Certified PMI PMP

RMF Cybersecurity Certified Expert Independent Assessor (CEIA) – Information Assurance, Data Privacy, Security Controls – NIST SP 800-53, 53A, NIST SP 800-37
DoD RMF Certified Expert Continuous Monitoring (CECM) – Information Security Continuous Monitoring (ISCM) – NIST SP 800-137, NIST SP 800-55

GDPR Practitioner
