Sybil McCormack
As a licensed Georgia attorney pursuing an MBA with a concentration in Information Systems, I negotiate data security and data privacy services contracts with corporate customers and vendors. I also operate in a managerial capacity in the privacy, regulatory compliance, risk, information security, organizational security and policy development spheres. I've practiced in various sectors of the law and earned a GIAC GISF (Global Information Assurance Certification/GIAC Information Security Fundamentals) Certification from the SANS Institute in June 2017.
IT Compliance Manager/Contract Negotiator at CareerBuilder
Draft, review, redline and negotiate information security clauses in IT SaaS Master Service Agreements (MSAs), Data Security Agreements (DSAs), GDPR-related Data Processing Addenda (DPAs), Vendor MASPAs, Partnership Agreements, Reseller Agreements, etc.
Develop contract-related and information security-related documents/policies pertinent to the European Union's General Data Protection Regulation (GDPR) as well as regulatory frameworks such as the California Consumer Privacy Act (CCPA), ISO, SSAE-18/SOC, etc.
Deliver subject matter expertise in the Privacy, IT Governance, Regulatory Compliance, Incident Response/Management, Incident Crisis Management, Disaster Recovery, Vendor Risk Management, Business Resilience, Business Continuity, Risk Assessment and Regulatory Audit spheres.
Leverage knowledge of the NIST, HIPAA-HITRUST, GDPR, PCI, SSAE-18 Type 1 SOC 2, ISO 27001 & SOX security controls as well as other regulatory requirements and security and privacy compliance frameworks to facilitate realization of the company's information security goals.
Plan, design, write and finalize policies in compliance with applicable control frameworks, procedures and guidelines.
Monitor remediation activity and verify control effectiveness for identified weaknesses.
Assess the services of cloud services and other third-party vendors/providers against established best practices pertinent to applicable regulatory frameworks.
Plan, contract for and direct periodic disaster recovery tests at a remote disaster site.
Interpret regulations, guidelines, compliance frameworks, policies and procedures for company staff and project teams.
January 2019 - Present
