
Program Manager Incident Response

Location: Annapolis, MD
Posted: May 05, 2025


Resume:

LENA BOONE, ESQ., CIPP/US

Bar Admissions: licensed to practice law in Maryland, District of Columbia, and California

Completed AI Governance Professional Training through IAPP

Phone: 818-***-****; Email: ****.******@*****.***

EXPERIENCE

Privacy Program Manager

Present, ASRC Federal

•Advising on matters related to privacy and monitoring changes in regulations, laws and executive orders to assess the impact and to implement the new requirements;

•Supporting the development and the implementation of an agency-wide privacy management program;

•Supporting the development of an Artificial Intelligence (AI) governance framework including the review and update of AI policy, the review and update of related policies to reflect AI guidance, and the development of processes for AI use;

•Reviewing, as needed, documents submitted to Office of Management and Budget (OMB) related to OMB Memo M-22-09, Moving the U.S. Government Towards Zero Trust Cybersecurity Principles;

•Collaborating with stakeholders to draft a Data Security Policy;

•Collaborating with the Controlled Unclassified Information (CUI) Management Program to review documents and provide guidance on CUI related matters;

•Conducting risk assessment of systems that are being considered for automation, including discussing integrating consent, notification, and another avenue for individual access;

•Reviewing, updating, and drafting guides, policies (i.e., privacy policy, privacy program plan, PII incident response plan), procedures and standard operating procedures to comply with the Privacy Act of 1974, E-Government Act of 2002, NIST Standards, OMB policies and guidance;

•Creating and implementing agencywide and role-based privacy training;

•Working with stakeholders to conduct privacy assessments on new and existing systems, tools and applications including supporting the drafting of Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIA), Privacy Continuance Monitoring (PCM), and Privacy Act Statements;

•Assessing whether systems, tools and applications meet privacy controls requirements;

•Assisting program offices with developing, revising, and rescinding System of Records Notices (SORNs) including submitting SORN packages to OMB for review through ROCIS;

•Supporting the annual Senior Agency Official for Privacy (SAOP) FISMA audit including presenting metrics to SAOP and uploading answers and supporting documents in CyberScope;

•Supporting the annual Inspector General FISMA Reporting audit as needed;

•Developing, reviewing, and maintaining a process to support the reduction of unnecessary use of Social Security Numbers (SSNs) and Personally Identifiable Information (PII) including drafting SSN Reduction Plan and SSN Use Policy and conducting SSN Use Survey and any needed follow ups to ensure the agency is complying with the SSN reduction laws and policies;

•Developing, maintaining, and updating privacy web policies;

•Working closely with the Security Operations Center (SOC) and providing incident response support for reported incidents involving privacy data;

•Supporting the agency’s incident response efforts including updating the PII Incident Response Plan and participating in incident response tabletop exercises;

•Assessing privacy controls following NIST standards and addressing privacy controls findings through a Privacy Plan of Action & Milestone (POA&M);

•Reviewing change requests submitted to ensure compliance with executive orders, regulations, policies, and guidance;

•Drafting content for communication and material for Cybersecurity Awareness Month;

•Providing briefings and preparing reports to present to the SAOP;

•Developing and recommending improvements to IT systems and/or processes to improve privacy; and

•Generating status reports to ensure compliance and alignment with the project requirements.

Privacy Analyst

January 2022 – January 2023, Business Integra

•Supported privacy related matters including conducting privacy assessment on new and existing systems and applications;

•Worked with stakeholders to conduct privacy assessments on new and existing systems, tools and applications including supporting the drafting of Privacy Threshold Analysis (PTA), Privacy Continuance Monitoring (PCM), and Privacy Act Statements;

•Assisted program offices with identifying appropriate System of Records Notices (SORNs) and the need to update SORNs, if required;

•Drafted Privacy Act Statements to advise individuals of their rights under the Privacy Act where required;

•Assessed privacy controls following NIST standards and addressed privacy controls findings through a Privacy Plan of Action & Milestone (POA&M);

•Assisted programs in resolving and addressing privacy related questions;

•Assessed whether systems, tools and applications met privacy controls requirements;

•Participated in system assessment and authorization and continuous monitoring;

•Prepared monthly reports of work completed;

•Ensured Memoranda of Understanding (MOUs) and PII Sharing Agreements were drafted where needed; and

•Guided System Owners through the process of meeting privacy requirements.

Privacy Compliance Specialist

October 2020 – January 2022, Favor Tech Consulting, LLC

•Led a team to support federal agencies and to ensure compliance with applicable law and policy including Privacy Act Implementation related matters;

•Built strategic plans with stakeholders throughout the agency to ensure engagement of appropriate parties and compliance with the agency’s policies and legal requirements;

•Provided direct support, management, and oversight of Privacy Act Implementation efforts;

•Assisted program offices with the development of System of Records Notices (SORNs) for all applicable systems and reviewed documents for privacy compliance sufficiency;

•Developed, reviewed, and maintained privacy policies and standard operating procedures to ensure compliance with Office of Management and Budget guidelines and internal policies;

•Developed, maintained, and updated privacy content and web policies on external and internal privacy webpages;

•Reviewed and analyzed privacy compliance documentation;

•Reviewed Computer Matching Agreements (CMAs) prior to submittal to Office of Management and Budget and Congress;

•Provided privacy training to ensure understanding of responsibilities required by federal mandates;

•Attended and participated in Privacy Controls and Privacy Impact Assessment Working Group meetings;

•Drafted various reports including the annual Senior Agency Official for Privacy report;

•Handled privacy related requests sent by stakeholders including conducting legal research and analysis;

•Assisted Social Security Number Reduction team and Project Management Organization team as needed; and

•Served as Acting Program Manager when needed.

Compliance Specialist

March 2020 – October 2020, TRACE International

•Responsible for supporting over 200 member companies, including consumer products and retail, in developing and maintaining their anti-bribery compliance programs and policies;

•Developed an understanding of member company business and how TRACE products are deployed;

•Stayed apprised of anti-bribery legal developments to understand the challenges facing TRACE members in all jurisdictions;

•Supported TRACE Members in developing and solidifying relationships at every level of the member organization;

•Ensured outstanding member experiences through demonstrating an extraordinary level of customer service;

•Managed day-to-day member communications, independently troubleshot problems and escalated to the right department as needed;

•Proactively communicated and followed up with members by phone and email regarding anti-bribery guidance;

•Onboarded new members and scheduled follow up demonstrations and calls as needed;

•Maintained familiarity with relevant technology and industry developments, based on member portfolio and TRACE product portfolio; and

•Referred high risk accounts to Senior Management as appropriate.

Senior Privacy Consultant

September 2019 – March 2020, MBL Technologies

•SME Guidance on privacy regulations and legislation for privacy resource center;

•Author of Privacy Framework Report outlining program goals, strategy, key performance metrics, and challenges;

•Key assessor of ongoing gap assessments across the privacy enterprise to identify risks and learning gaps;

•Developed and managed the program's two-year Implementation Plan;

•Briefed leadership on matters related to breaches, audits, and contract progress;

•Created Standard Operating Procedures for breach incidents and breach tracking;

•Assisted in responding to breaches of personally identifiable information (PII);

•Created a remediation plan and put an implementation plan in place following Office of Inspector General audit findings related to breach; and

•Drafted and revised content for federal agencies’ privacy policies.

Consultant

September 2018 – December 2018, Ernst & Young

•Conducted privacy assessments;

•Supported and guided corporate clients in adhering to national regulations (e.g., California Consumer Privacy Act);

•Compiled and verified data from clients, and identified potential privacy risks;

•Reviewed documents and conducted stakeholder interviews;

•Revised privacy training material to adhere to regulations;

•Created reports to keep clients informed of the work completed; and

•Reviewed Statement of Work, NDAs, and reports.

Manager

October 2004 – July 2016, Feldman & Rothstein, P.C.

•Managed all aspects of PHI and PII data management in preparation for cases;

•Managed, developed, implemented, and monitored policies, procedures, processes, training, and corrective action plans to ensure compliance with federal and state laws and regulations related to healthcare;

•Created policies on PII retention and disposal;

•Acquired subject matter expertise in HIPAA compliance, data sharing and protection compliance, and other health information confidentiality-related laws and regulations;

•Developed templates to assist employees in complying with HIPAA privacy related matters;

•Conducted legal research and reviewed relevant state laws on personal injury;

•Reviewed and negotiated contracts;

•Obtained police reports;

•Gathered medical reports and reviewed medical reports and health insurance claims;

•Negotiated medical and government liens;

•Assisted attorneys in preparing settlement demands in personal injury cases;

•Scheduled and attended Independent Medical Examinations (IMEs);

•Drafted legal memoranda, discovery, and interrogatory responses;

•Attended court appearances, depositions, mediations, and arbitrations with lawyers;

•Prepared clients for recorded statements, depositions, mediations, arbitrations, and court appearances;

•Assisted clients in completing Small Claims Court forms;

•Drafted correspondence to clients, doctors, insurance companies, and witnesses;

•Interviewed clients and obtained information related to the facts of the accidents;

•Kept cases organized by monitoring calendars, meeting deadlines, updating files with new information, and confirming case status with lawyers;

•Kept clients informed by regularly communicating case progress;

•Trained administrative staff on compliance with office policies and procedures;

•Handled accounts payable and accounts receivable for the firm; and

•Conducted hiring interviews and trained new employees.

EDUCATION

MAY 2018

Master of Law, National Security Law, Georgetown University Law Center

GPA: 3.51/4.0

DECEMBER 2016

Juris Doctorate, Whittier Law School

GPA: 3.31/4.0 (Class Rank: top 16%)

Honors and Awards: Magna Cum Laude, Dean’s List

Bachelor of Science, Communications, Arizona State University

GPA: 3.57/4.0

Honors and Awards: Cum Laude, Dean’s List

ACTIVITIES

•Non-Government Observer / Guantanamo Bay, Cuba

o Spent one week on the military base in Guantanamo Bay to observe the USS Cole case proceedings.

•Volunteer Law Clerk / Los Angeles District Attorney’s Office – Organized Crime Unit / Los Angeles, CA

o Engaged in legal research and writing;

o Reviewed transcripts and discussed trial strategy;

o Composed drafts of motions and prepared reports, documents and memoranda; and

o Sorted and evaluated evidence and assembled trial notebooks.

•Legal Consultation

o Drafted Data Protection Agreements;

o Reviewed and recommended changes to Fair Access Policies, Special Customer Agreements (SCA), Reseller Agreement, Online Commercial, Product Specific Schedules, Platform Service Level Agreements, Product Subscription Reference Guides, Product Subscription References, and Sub-Processor Information documentation;

o Reviewed and updated Data Processing and Security Addenda;

o Engaged in legal research and writing for private practice on matters related to family law, torts, and criminal law; and

o Reviewed reports and discussed trial strategy.

LICENSES

•CIPP/U.S.

•License to practice law in District of Columbia, Maryland, and California

•AI Governance Professional

o Currently training to become certified in AI Governance through IAPP

OTHER INFORMATION

Foreign Language Skills: English (fluent), Arabic (native), French (limited).


