• Served as lead counsel on data privacy, product compliance, partnering with InfoSec, Marketing, IT, Product, Engineering, and HR on privacy, cybersecurity, and AI governance regulatory compliance, while supporting broader initiatives, sustainability, and global compliance. • Led global privacy compliance efforts across U.S., EU, UK, Brazil, Mexico, and Canada, aligning policies with CCPA / CPRA, GDPR, LGPD, PECR, and other jurisdictional requirements. • Negotiated privacy and AI - related terms in SaaS, MSA, and DPA agreements, integrating SCCs and other safeguards. • Advised InfoSec, Marketing, Product, HR, and Engineering on privacy regulations, AI compliance, sensitive personal data protections, and targeted advertising strategies. • Developed and implemented privacy and AI compliance policies, playbooks, and incident response protocols. • Conducted DPIAs and TIAs for high - risk processing and cross - border transfers; oversaw ROPA maintenance and vendor due diligence processes. • Monitored global regulatory developments in privacy and AI, providing actionable insights to business leadership. • Delivered privacy and security awareness training to foster a compliance - driven culture.

• Provided strategic legal counsel to executive management on all aspects of healthcare operations, ensuring alignment with federal and state regulatory requirements. • Led privacy, data protection, and compliance initiatives across multiple clinic locations, supporting HIPAA, HITECH, Stark Law, Anti - Kickback Statute, and state health regulations. • Designed and operationalized ethics and compliance programs, including policies, training, third - party due diligence, internal investigations, and communications that reinforced a culture of accountability. • Reviewed and negotiated Business Associate Agreements (BAA), SaaS contracts, DPAs, and MSAs, embedding appropriate privacy, security, and compliance safeguards for vendors and technology partners. • Advised leadership, clinical teams, and IT on risk management strategies, the "minimum necessary" standard for PHI, and integration of patient safety considerations into operational workflows. • Partnered with regulators during audits and investigations, coordinating response efforts and advising on mitigation steps to reduce enforcement exposure. • Monitored emerging healthcare regulatory trends, including sustainability reporting in healthcare facilities and due diligence requirements for medical supply chains, and provided actionable insights for compliance planning.

• Drafted, reviewed, and negotiated a broad range of commercial agreements, including SaaS, MSAs, SLAs, DPAs, BAAs, NDAs, licensing, vendor, and supplier contracts. • Advised businesses on operational compliance, employment matters, labor relations, and dispute resolution, aligning legal strategy with business objectives. • Supported corporate transactions by managing real estate leases, employment agreements, and estate planning matters, and by coordinating litigation and settlement strategies.

• Represented small businesses in contract negotiations and dispute resolution. • Drafted employment policies and advised on labor compliance.

Conducted comprehensive internal and third-party risk assessments to evaluate cybersecurity and data-handling practices. Provided legal and compliance guidance on global cybersecurity frameworks, including NIST RMF and CSF 2.0, SOC 2, ISO/IEC 27001, and the EU NIS 2 Directive. Advised on data-privacy considerations related to automated SIEM deployment and cross-border log processing. Reviewed and negotiated SaaS, IaaS, and other cloud-service agreements, ensuring alignment with data-protection and security obligations. Counseled on federal contracting and cloud-security compliance, addressing requirements under NIST SP 800-series, FedRAMP, and DFARS 252.204-7012 for information-security controls.

Provided legal assistance and ethics counseling to Soldiers and commanders. Completed periodic cybersecurity and information security training with emphasis on safeguarding sensitive business and operational data. Gained practical familiarity with applying cybersecurity safeguards across enterprise and third-party environments. Developed working knowledge of the NIST Cybersecurity Framework (CSF) and NIST SP 800 series standards, complementing legal expertise gained in privacy and compliance roles. Capable of operationalizing cloud security controls and managing contractors and vendors handling sensitive information. Integrated cybersecurity awareness into broader legal and compliance responsibilities, enhancing cross-disciplinary understanding of vendor risk management, incident response, and data protection practices.

Texas Bar, AIGP, CIPP/US, CIPP/E