Dr. Cyril Tommy Foday-kailie
MN. www.linkedin.com/in/cyril-tommy-foday-kailie-ph-d-cissp-ccsk-dpo-gdpr-ecih-b79572ba https://www.credly.com/users/cyril-foday-kailie
Summary
Cyber security and data privacy scholar-practitioner with exceptional attention to detail, strong analytical skills, and proven ability to communicate across disciplines to produce excellent work under strict deadlines. Project management abilities and outstanding written and verbal communication skills. Superior capacity to solve complex business problems and convey issues clearly and concisely.
Skills
Data Privacy Risk Assessment Regulatory Analysis Compliance Policy Analysis
Cyber Security Risk Assessment, Software Proficiency, Database Management, Legal and IT Research, Cyber supply chain risk management and governance, GDPR, NIS 1, NIS 2, HIPAA, Federal and Jurisdiction Privacy and Technology law, international privacy regulation, Cyberwarfare doctrines and international law, NIST CSF v1/v2, CPRA, CCPA, and other US privacy laws
Cybersecurity Privacy and Data Protection
EDUCATION
MSc Cybersecurity Privacy and Data Protection Albany Law School (Master of Science in Legal Studies in Cybersecurity and Data Privacy) Magna Cum Laude Class of 2024
Ph.D., MSc, BSc Capella University Minneapolis, MN, Information Technology Management and Cyber Security, Information Technology Management 2009-2021 Summa Cum Laude
CORE QUALIFICATIONS
•MS Office 365, wired and wireless network and application management and analytic proficiency
•SharePoint Online proficient
•Proficiency in implementing self-assessment against standard assurance benchmarks like SOC 2, CIS/CSC, NIST CSF v2, and NIST SP 800-171 and 800-172
•HIPAA Privacy Rule, Security Rule, HITECH Act, and Final Rule, HIPAA, and State preemption
•Firewall, network, and server management
•Proficient in SOC 1, SOC 2, and SOC 3 Reporting
•Proficient Cloud Infrastructure management, security and Assurance
•Proficiency in Wireless, virtualization technologies, health operational technologies
•Data Science, Machine learning, deep learning, and AI proficiency and it regulation
•Exception Records and Information Management experience
•CISSP, Security Plus, Certified Data Protection Officer, Certified Security Incident Handler, Certified Ethical Hacker, Certified Project Manager, Certificate of Cloud Security Knowledge (CCSK), etc.
EXPERIENCE
United Nations Secretariat, assigned to the United Nations Assistance Mission in Iraq and the United Nations Investigative Team to promote Accountability for Daesh Tribunal 2017- March 2024 – Present
My recent responsibilities with the United Nations Secretariat include leading and developing service-level agreements with vendors and partners, aligning legal requirements for technology and Enterprise deployment in my entity, and developing guardrails for organizations toward certification paths (e.g., ISO 27000, CMMC, and Required NIST frameworks).
Provide technical and legal counsel that aligns with multi-jurisdictional statutes as required for operationalizing the Secretary-General's Data Strategy and Privacy and Data Protection Policy. Bridge the gap between IT operations and legal compliance, ensuring cybersecurity control practices and safeguarding end-user privacy.
EXPERTISE
Cybersecurity: Proficient in cybersecurity practices and risk management.
Assurance and Compliance: Skilled in ensuring adherence to legal and regulatory requirements, including cyber supply chain risk management and cyber security awareness and training.
Data Privacy and Protection: Provide leadership in managing end-user risk related to data privacy and protection, including compliance with global privacy regulations and federal and State Statutes (e.g., CCPA, CPRA, GDPR, HIPAA, FERPA, NYPA, VCDPA, International and National Cyber Doctrine, Cybersecurity Frameworks including NIST CSFv2, ISO 27001/2, SOC 2 and COSO, etc.)
Legal Research: Provide leadership in legal research related to technology and privacy law compliance.
Risk Management: Develop compliance recommendations within the organization’s risk tolerance to sustain cybersecurity and end-user privacy. Provide technical and legal counsel based on federal and State statutes, torts, contracts, antitrust laws, and anti-competitive perspectives as required by the FTC, SEC, and OCR while providing a guide for blockchain concepts and best practices.
United Nations Secretariat (Located in Baghdad): Cyber Security and Enterprise Risk Manager December 2017 – ongoing
Under the supervision of the Chief of Section, the Enterprise Security Architect shall design, develop, and secure the implementation of recommended innovative ICT resources and solutions. Your continuous improvement processes will play a crucial role in addressing mission challenges, underscoring the significance of your potential contribution.
• Functionally implement Operational Resilience for all ICT resources, fostering preventive maintenance as required with ICT Infrastructure. Transform business processes by providing digital automation capabilities to foster productivity through application development, such as a meal management system for the Fujian Guard force.
• Design and guide the implementation of Privacy by Design and Default in the Mission technology business process.
• Strive to improve the Geo-Spatial Mapping Unit's (GSMU) efficacy by executing strategic initiatives to enhance data accuracy, operational efficiency, user satisfaction, and Environmental and Social Governance (ESG).
• Foster the migration of end-user computing to the MS Azure platform for identity management and security. Managing Cyber Security and E5 Platform. Provide support for the UNGSC concept of migrating from Voice over IP to Voice over Cloud (MS Teams).
Assist the Section Chief in Developing and leveraging the IT Budget.
Integrating Enterprise Risk Management framework of ISO/IEC 31000 with NIST CSF v2 to govern IT business processes
United Nations Secretariat, Mission in Congo: Cyber Security and Enterprise Risk Manager December 2009 – October 2016
Define ICT security standards and develop baselines to support operational requirements. Ensure compliance with industry "Best Practices." Incorporate international and federal regulations to meet organization ICT expectations through strategic ICT business planning; conceptualize and implement security architecture based on Enterprise Architecture perspectives. Design ICT architectural perspective to support convergence services. Define end-user training programs to support ICT training requirements; undertake cybersecurity vulnerability assessment; develop mitigation strategy for the cyber risk register.
Undertake holistic cybersecurity programs and manage server deployments, installation, administration, and development.
Security assurance team lead governing ICT resources, requisitioning and implementing ICT security technologies, and asset classifications.
Undertake risk management and analyses and define risk control recommendations.
Provide oversight for ICT governance and compliance, data privacy and protection, ISO/IEC 27001/2
Designed and implemented Active Directory/Azure Windows directory services; Developed endpoint protection through centralized Windows software update services using Windows Defender; established centralized malware endpoint protection with Symantec Endpoint Protection.
Perform Risk management and governance process developed from Business Impact Analysis, produced vulnerability assessment, audit, and managed Organization ICT security incidents.
Researcher interested in human-centric security controls, IT governance assurance, and security.
UNIQUE VALUE PROPOSITION
I can offer adaptable knowledge of global privacy regulations and technology statutes and bring United Nations Secretariat operational diversity and experience. I have a strong information technology background, a passion for ensuring technical and legal compliance related to data privacy and protection is met, and proficiency in managing end-user risk related to data privacy and protection that complies with jurisdictional privacy regulations and cybersecurity.
ENTHUSIASM
I am enthusiastic about governance and enterprise risk management, especially in fintech and non-fintech domains, while providing support at the intersection of technology and law. I am avid about business and security analysis and governance of Operational IT and supply chain while combining legal and technology expertise to ensure privacy compliance, data protection, Environment and Social Governance (ESG), and Cybersecurity regulatory compliance as required under the law.