Caryn Hairston

Burlington, NJ

Summary

A highly motivated and results-oriented compliance professional with extensive experience in developing and implementing robust assurance programs. Proven ability to lead global first-party assurance initiatives, conduct comprehensive controls testing, and ensure adherence to a wide range of regulatory requirements and ISO standards (including 27001, 27701, 22301, 14001, 50001, and 42001). Adept at collaborating with cross-functional teams to drive process improvements, mitigate risks, and foster a culture of compliance. Expertise in data center assurance and controls testing, encompassing physical security, environmental management, business continuity, and energy management. Seeking a challenging opportunity in a dynamic environment where I can leverage my skills and experience to contribute to organizational success.

Overview

11 years of professional experience
1 Certification

Work History

Lead Program Manager, Data Center Compliance

Google
11.2023 - Current
  • Led global first-party assurance programs across data centers, product labs, and corporate functions, ensuring compliance with ISO 27001, 27701, 22301, 14001, 50001, 42001, and MSSRP.
  • Conducted comprehensive controls testing for security, privacy, and AI across Google's information security, privacy, and AI management systems, mitigating risks and ensuring operational resilience.
  • Spearheaded assurance initiatives for Google's common infrastructure and product labs, evaluating physical security, business continuity, and environmental management systems.
  • Developed and executed audit programs to assess compliance with ISO standards and regulatory requirements, driving continuous improvement.
  • Collaborated with cross-functional teams to ensure alignment on risk mitigation strategies.
  • Provided expert guidance on complex regulatory requirements and industry standards.
  • Effectively communicated audit findings to senior management, facilitating informed decision-making.

Program Manager, Security & Privacy Assurance

Google
06.2022 - 10.2023
  • Managed a testing team to execute ISO 27001, 27017, 27018, 27701 related audits (Privacy & Security) for Google and Google Cloud products globally and at scale.
  • Managed multiple concurrent audit engagements, prioritizing tasks to meet deadlines without compromising quality.
  • Streamlined audit processes, improving efficiency and reducing time spent on each audit engagement.
  • Administered auditing program to address risks and evaluate compliance with regulatory requirements.
  • Reduced audit completion times by optimizing audit planning, budget, and execution strategies.
  • Adapted plans and schedules to meet changing priorities of work objectives, resources and workload demands.
  • Developed audit policies, guiding administrative and technical functions.
  • Evaluated design and operating effectiveness of audit areas, including controls testing and risk mapping.
  • Increased internal control effectiveness through diligent evaluation of processes and providing recommendations for improvement.

Privacy Process Improvement and Operations Manager

Facebook
01.2021 - 05.2022

My role at Facebook is to support the development and implementation of privacy solutions that address user needs on privacy, data protection and data security, and to help design and build continuous operational compliance practices throughout the company.

Some key responsibilities include:

  • Drove strategic initiatives across teams to design, build, and implement privacy compliance processes, ensuring alignment with evolving regulatory requirements and user expectations.
  • Analyzed complex privacy issues, identified improvement opportunities, and provided strategic support to teams in developing and implementing effective solutions.
  • Managed cross-functional projects to address emerging privacy challenges, including conducting risk assessments, developing solutions, and implementing necessary changes to promote privacy-by-design principles.
  • Performed comprehensive risk analyses to identify and implement appropriate privacy processes and measures, mitigating potential risks to user data and ensuring compliance with global privacy regulations.
  • Developed and implemented performance improvement strategies to foster a culture of continuous improvement in privacy practices, enhancing operational efficiency and effectiveness.
  • Led process optimization efforts to streamline privacy operations and integrate privacy considerations into product development lifecycles.

Interim Regional Compliance Officer

Coface
07.2020 - 12.2020

As a Regional Compliance Officer, I am responsible for ensuring the Company is conducting its business in full compliance with all national and international laws and regulations that pertain to its particular industries, as well as professional standards, accepted business practices, and internal standards.

Some Key Responsibilities:

  • Implemented improvement initiatives and developed a compliance testing program to monitor and identify gaps in new and existing practices.
  • Analyzed Compliance Controls and conduct risk assessment results, documented findings, and worked with department managers to develop corrective actions in the event potential/high-risk issues are discovered.
  • Monitored SIU and Fraud regulatory filing deadlines to ensure timely completion, conducted research, and advised business teams on new regulatory filing requirements.
  • Supported investigation of potential fraud matters, such as suspicious claims, by gathering and organizing facts to be reported to the company’s Special Investigative Unit.
  • Partnered with Risk, Legal and Audit Departments to review and address key compliance matters.
  • Developed Privacy and Compliance program communications and training to introduce new compliance initiatives and encourage best practices.
  • Advised management on the company’s compliance with all state, federal, and provincial laws and regulations, including fraud and privacy, through detailed compliance risk reports.

Compliance Consultant - U.S. Privacy

MetLife
06.2018 - 07.2020

As a Privacy Compliance Consultant, I was responsible for the management of the US privacy program under our Compliance Programs Team.

Some key roles and responsibilities:

  • Improved company policies and standards to outline ethical, safe and efficient procedures.
  • Advised committees and department heads regarding privacy compliance risks and standards.
  • Collaborated with business stakeholders and cross-functional partners on regional privacy activities to ensure practices are aligned with corporate and regulatory standards and expectations.
  • Provided support with the management and processing of personal data incidents to ensure compliance with state regulatory requirements.
  • Monitored and assessed new privacy laws and regulations that may affect the organization’s processes and implemented necessary changes.
  • Identified potential areas of compliance vulnerability and risk to develop and implement corrective action plans.
  • Implemented improvement initiatives and developed compliance testing program to monitor and identify gaps in new and existing practices.
  • Provided guidance, advice and training to improve business' understanding of related privacy laws and regulatory requirements.
  • Led and maintained cross-functional working groups to coordinate data protection efforts, including current projects and initiatives and regulatory awareness across MetLife Enterprise in regions across the globe.
  • Led enterprise-wide assessments of privacy risk assessments, including completion of data protection impact assessments (DPIA) and third-party risk assessments under the Compliance Risk Management Program.

Sr. Compliance Analyst

MetLife
09.2016 - 06.2018

As a Sr. Compliance Analyst, I am responsible for ensuring that a company or organization complies with all regulatory guidelines and laws. Job duties also include collecting data and performing research on current practices and then developing policies and rules to ensure continued or improved compliance.

Key responsibilities:

  • Liaised with risk management, internal audit and legal departments to direct compliance issues to appropriate channels for investigation and resolution.
  • Managed testing and monitoring action plans to respond to compliance violations.
  • Prepared documentation and records and conducted branch audits and inspections.
  • Oversaw proper maintenance and dissemination of filing documentation as well as records and reports for review by various departments.
  • Scheduled and conducted evaluations of company policies, procedures and internal control structures.
  • Gathered, organized and evaluated data to make accurate assessments of current operations.
  • Enhanced regulatory, strategic and operational performance to keep in alignment with deadlines.
  • Implemented improvement initiatives and developed compliance testing program to monitor and identify gaps in new and existing practices.
  • Reviewed company forms, marketing materials and communication procedures for compliance with applicable laws and guidelines.
  • Supported and trained customers on compliance-related issues.

Compliance Examiner

Foresters Financial
06.2014 - 02.2016

As a Compliance Examiner, I was responsible for performing daily surveillance of securities transactions, handling registration and communication red flags, actively investigating client complaints and potential violations of firm and regulatory policies and procedures, and reviewing books and records for completeness and accuracy.

Additional responsibilities included:

  • Analyzed information gathered from investigations and reported findings.
  • Performed daily surveillance of securities transactions received from sales offices.
  • Conducted special reviews and investigations of alleged violations of company policy and/or securities rules.
  • Reviewed trade reports from various sources for suitability and/or regulatory concerns.
  • Traveled to sales offices and conducted annual and special compliance inspections by reviewing the books and records, interviewing personnel, and observing day-to-day operations in the office.
  • Handled customer complaint responses and investigations.
  • Enforced the Electronic Communications policy by conducting ongoing and targeted reviews of email correspondence and other postings to/from employees of the firm.
  • Provided comprehensive written and verbal reports to management, including but not limited to surveillance, investigations, and sales office inspections.

Education

Master of Science - Cybersecurity & Risk Strategy

New York University
New York, NY
05.2023

Bachelor of Science - Criminal Justice & Political Science

Rutgers, The State University of New Jersey
New Jersey
12.2010

Skills

  • Expertise in Privacy Compliance
  • Executing Privacy Initiatives
  • Compliance Framework Development
  • Security and Privacy Auditing experience
  • Incident Response & Risk Management
  • Program Oversight & Management
  • Data Reporting & Analysis
  • Privacy by Design
  • Stakeholder Management
  • Compliance Auditor
  • AI Governance
  • Data Center Operational Assessments
  • ISO Certified Lead Auditor for 27001, 27701, 22301, 50001, 14001, 42001

Certification

Certified Lead Auditor for multiple ISO standards including:

  • ISO/IEC 27001: Information Security Management Systems
  • ISO/IEC 27701: Privacy Information Management Systems
  • ISO 22301: Business Continuity Management Systems
  • ISO 14001: Environmental Management Systems
  • ISO 50001: Energy Management Systems
