Projects with Other Consultancies
Prior to owning her own business, Rebecca was the Vice President – Privacy Services and
internal Chief Privacy Officer at DelCreo, Inc. for two years. Some of Rebecca’s
responsibilities and experiences there included the following:
- Developed the organization’s corporate-wide privacy policy and created the roll-out
strategy and plan to ensure all management were aware of their responsibilities and
that personnel knew, understood and followed the privacy policies and procedures.
Included training and awareness covering applicable laws and regulations.
- Developed, implemented and managed the DelCreo privacy governance program
which included controls to reduce privacy risks and to ensure appropriate access
controls based upon job responsibilities.
- Met and communicated regularly with corporate leaders and management to explain
information privacy and security objectives and obtain their support and commitment
for information privacy and security activities, technologies and policies.
- Developed the strategy and methodology to integrate privacy standards into
e-commerce applications for a large Fortune 50 multi-national organization.
- Created the privacy awareness and training strategy and implementation plan for large
multinational Fortune 50 and 500 organizations.
- Created information security and privacy policies, standards and procedures for
multiple Fortune 500 organizations.
- Analyzed the business associate contracts for a major Fortune 50 manufacturer and
identified privacy risks and concerns and recommended ways to address the risks.
- Developed and continue to deliver a two-day “Managing a Privacy Governance
Program” workshop for the Computer Security Institute.
- Performed Privacy Impact Assessments (PIAs) for large multinational Fortune 50 and
500 technology organizations and for a large multinational Fortune 500 healthcare and
financial services organization.
- Identified all personally identifiable information (PII) within multiple large multinational
Fortune 50 and privately owned organizations and created PII inventories.
- Created approximately 1000 standards statements, mapped to ISO 17799 and
applicable U.S. and international laws and regulations, to support the information
security policies for a large Fortune 50 multinational services organization.
- Created the information security and privacy education effectiveness baseline and
evaluation methodologies for a large Fortune 50 multinational services organization.
Prior to DelCreo, Rebecca was Chief Privacy Officer and Senior Security Architect for
QinetiQ Trusted Information Management, Inc. (Q-TIM) where she worked since the inception
of the company as Securus in November of 2001. Prior to joining Q-TIM, Rebecca was the
Global Security Practice Central Region Security Subject Matter Expert for 2 years at Netigy
(which became ThruPoint in September 2001). Some of Rebecca’s responsibilities and
experiences at these organizations included the following:
- Performed a financial security and privacy regulatory requirements policies gap
analysis and risk assessment for a large west coast bank and mortgage client.
- Performed a Health Insurance Portability and Accountability Act (HIPAA) gap analysis
and risk assessment for a large technology services vendor and their large state
government client. Among the involved tasks, performed policies and procedures
review and vulnerability assessment to identify gaps with HIPAA requirements.
Created a HIPAA remediation plan for closing gaps and complying with HIPAA
regulations.
- Provided guidance, example policies and an analysis of risks involved with handheld
computing devices at the request of U.S. Air Force generals at the Air Force Research
Lab in Dayton, Ohio for handheld device and PDA security.
- Created the organization’s corporate-wide privacy policy and created the roll-out
strategy and plan to ensure all management were aware of their responsibilities and
that personnel knew, understood and followed the privacy policies and procedures.
- Created information security policies, standards, procedures and guidelines for a large
Fortune 100 multinational manufacturing organization.
- Created information security training module content for a large Fortune 100
multinational manufacturing organization.
- Performed corporate vulnerability assessments for a number of organizations,
including the State of Iowa and a multimedia entertainment organization.
- Created executive information security standards and procedures for a large
multinational professional services organization.
- Created information security standards to support existing information security policies
for a major multinational professional services organization.
- Reorganized and updated information security policies, procedures and standards for
a large multinational Fortune 100 manufacturing organization.
- Created an information classification architecture and implementation process for a
large multi-national communications company.
- Created comprehensive privacy awareness and training roadmap, implementation
strategy, and supporting curriculum for a large multi-national Fortune 50 organization.
- Created web site privacy policies along with a privacy implementation methodology for
a west coast based organization.
- Created privacy standards to be integrated into e-commerce applications for a Fortune
50 multi-national organization.
- Created a comprehensive set of HIPAA security and privacy policies and
corresponding quiz questions, in addition to compliance self-assessment and gap
analysis tools, white papers and executive overviews, for NetIQ to use within their VPC
system.
- Created a comprehensive set of 21 CFR Part 11 policies and corresponding quiz
questions, in addition to compliance self-assessment and gap analysis tools, white
papers and executive overviews, for NetIQ to use within their VPC system.
- Created FDA 21 CFR Part 11 compliant standards for a major multi-national
pharmaceutical corporation.