CYNTHIA M. REED

• Privacy Legal Advice and Advocacy related to OMB M-17-12, OMB A-130, OMB M-03-22, E-Government Act of 2002, Privacy Act of 1974, HIPPA (Security, Privacy, Breach) Safeguards, NIST 800-53, NIST 800-88, NIST 800-171, FIPS 140-2, FIPS 199, Privacy Incident Reporting and Response, Federal Information Security Modernization Act, Executive Order 13556, etc.
• Main Privacy Subject Matter Export for CDC NIOSH Privacy Threshold Assessments and Privacy Impact Assessments related to General Support Systems, Major Applications, Minor Applications (stand-alone), Minor Applications (child), and Electronic Information Collection Systems.
• Lead Business Process Reengineering (BPR) for Privacy Impact Assessments, Data Use Agreements, Disposition Plans, Certification and Accreditation (Privacy related activities), Computer Matching Agreements, Data Use Agreements, Disposition Plan, Service Legal Agreements, System of Records Notice, Interconnection Security Agreements, Memorandum of Understanding, Media Protection, NIST 800-171 System Security Plans/Plan of Action and Milestones (POA&M), Records Management and Retention, Data Management Plans, and Privacy Breach Response.
• Sphere-headed the development of an Information Security and Privacy Library which contained a comprehensive listing of policy guidance, standards, regulations, laws, handbooks, practice guides, templates, checklists, process guides/flowcharts, relevant links and contact information, as well as CDC System Development Life Cycle (SDLC) and Information Technology Infrastructure Library (ITIL) documentation.
• Worked with federal procurement specialists to implemented Standard Security and Privacy Contract Language for IT Procurements which included a Contract Language Tool and JIRJIRA ticketing system to automate the process.
• Project Team Lead implementing NIST 800-171 revision 2 requirements for Nonfederal Systems/Organizations with Controlled Unclassified Information. Developed standard review language and protocols when evaluating CUI System Security Plans and Plan of Action and Milestones. Worked with InfoSec Operations Team Lead with the tailoring of the CSET tool which would automate 800-171 reviews.

• Plan, develop and assist in the coordination and communication of processes, procedures, and policies relevant to privacy and cybersecurity.
• Maintain a complete set of cyber-security, privacy, & compliance policies to meet regulatory requirements and withstand audits.
• Contribute to and maintain documentation for IT risk identification, classification and response processes.
• Establish and refine appropriate procedures and playbooks for security-related processes such as incident & breach response
  Lead tabletop exercises and internal audits of existing procedures and controls.
• Perform internal risk and vulnerability assessments, followed by appropriate remedial action, to mitigate risk and ensure that systems are protected from known and potential threats and are free from known vulnerabilities; perform risk assessments on third-party partners and suppliers.
• Respond to third party security assessment questionnaires and provide evidence and documentation during audits.
• Provide technical security guidance for solutions, controls and architecture; actively contribute to inter-departmental and cross-functional teams for the protection of information assets Assist with security & privacy awareness training activities and programs
  Provision and audit access controls on information systems containing sensitive data Security incident response duties as a member of the Cyber Security Incident Response Team (CSIRT) Research and stay up-to-date on current security threats and vulnerabilities to relevant information systems.

• Performed project management functions to ensure that project tasks (e.g., DMP reviews, remote reviews, meetings) are completed efficiently, effectively, consistently and timely.
• Ensured that quality assurance and records management practices aligned with record retention requirements that reviews are being conducted in a consistent and fair manner.
• Implemented NIST/FISMA/HIPAA requirements as well as IT security related federal policies (OMB A-130) and any relevant CMS policies to safeguard personally identifiable and protected health information
• Provided ongoing training and awareness support regarding compliance requirements, key data privacy trends, and best practices.
• Developed a new DMP process, consisting of new DMP materials, including but not limited to policies, procedures, and documentation.
• Planned and constructed new records management system used to collect and storage attestation-based DMP documents, including supporting policy and procedure documents submitted by data requestors.
• Completed initial reviews of organization-level submission to ensure all attestation-based documents have been completed and all supporting policy and procedure documents have been submitted correctly.
• Developed an audit process to verify, measure, and report on current state of operational practices related to privacy, data management, and security policies and procedures.

• Provided continued maintenance and support of Centers for Medicare & Medicaid Services (CMS), Office of Enterprise Data & Analytics (OEDA) Data Privacy Safeguard Program (DPSP)
•  Ensured protection of CMS research identifiable files (RIF) data disclosed to researchers for approved research purposes.
• Reviewed Data Management Plan (DMP) submissions for any administrative, physical, and technical safeguard deficiencies that may require additional information from the data requestor.
• Provided guidance to researchers on how to implement effective, reasonable, and appropriate measures that protect CMS RIFs. 
• Collected information from data requestors regarding data storage,  the sharing environment, collaborative project arrangements, and data transport across locations.

• Provided U.S. Immigration and Customs Enforcement (ICE) subject matter expertise with drafting privacy compliance documentation and related analytical tasks.
• Coordinated approval of privacy documents with the ICE Program Office, Office of the Chief Information Officer, Office of Principal Legal Advisor (OPLA), ICE executive offices, and DHS Privacy Office.
• Created short suspense analyses, briefings, white papers, and information papers on new requirements from Office of Management and Budget (OMB) and other Federal agencies.
• Drafted and reviewed privacy compliance documentation to include System of Record Notices (SORN), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), PIA schedules, POAM waivers, Testing Questionnaires, and Disposition PTAs.

• Privacy subject matter expert for Department of Veterans Affairs (VA), Office of Information & Technology (OI&T), VA Privacy Service in completion of a comprehensive review and assessment of VA Privacy Officer Professionalization Program (POPT).
• Created a Contractor Project Management Plan (CPMP) that lays out contractor’s approach, timeline, and tools to be used in the execution of the POPT contract.
• Planned and coordinated base year deliverable schedule, milestones, risks, and resource support logistics/materials.

• Assisted the Management Information Database (MIDB) division with overall data management support which included tasks related to data architecture management, data development, data security management, data warehousing - business intelligence management (DW-BIM), and meta-data management.
• Provided DW-BIM customer service aid to knowledge workers engaged in reporting, querying, and analysis of state accounting, purchasing, and human resource data systems.
• Implemented SOM Department of Technology, Management, and Budget (DTMB) policies, technical procedures, and standards for preserving integrity and security of data, reports, and access.
• Analyzed compensation and benefits policies to establish competitive programs and ensure compliance with legal requirements.

• Provided privacy and information risk management support to the Chief Information Officer (CIO), Deputy CIO, and Director of Information Risk Management (DIRM).
• She assisted the Electronic Records Management (ERM) Chief with the capture, storage, transfer, and archiving of Presidential and Federal electronic records.
• Researched the applicability of the Federal Rules of Civil Procedure discovery sections, especially those involving Electronically Stored Information (ESI) records governed by the Presidential Records Act.
• Supported electronic data and records transfer to the National Archives and Records Administration (NARA) during the 2016-2017 Presidential Transition.

• Worked directly with the Director of Industrial Risk Management (DIRM) and senior management staff to achieve federal safety and security benchmark standards. 
• Partnered successfully with DIRM senior management staff to implement new roll-out programs related to the safeguarding of employee information, privacy and security awareness training, and internal Privacy Act inspections.
• Researched, drafted, and proposed director-level correspondence and technical papers related to the application of TYAD privacy regulations, DoD specific privacy policy, and federal privacy best practices.
• Developed and maintained an internal client filing system to align with Army Records Information Management System (ARIMS) record management controls. 
• Developed and maintained an alert system for upcoming deadlines on incoming requests and events.

The Master of Laws in Homeland and National Security LL.M. Program reviews the many laws enacted since 9/11 and meets the needs of those attorneys seeking to better understand the context and application of those laws. Program outcomes for the Homeland and National Security Law Program include: Achieve an understanding of the fundamentals of Homeland Security law, including federal/state relationships in critical response, military operations, and organizations. Demonstrate an ability to create, analyze, and determine the legal efficacy of newly created laws dealing with homeland and national security law issues. Embrace the legal, moral, ethical, and professional responsibilities of lawyers, embodying the responsibilities of an honorable member of the profession.

• Continuing education in Homeland Security Law, National Security Law, Emergency Management Law, Intelligence Law and Privacy, Cybercrimes, Privacy and Information Security, Immigration Court Practice, Physical Security of Critical Infrastructure and Risk Management, Federal Government Contracting, Master's Thesis/Research Project, Scholarly Writing, Directed Study
• Completed professional development in study in air and transportation security, border security, military operations in the homeland, intelligence and privacy issues, technology and cybersecurity, as well as practical courses on federal contracting and administrative agencies.
• Honor Roll in May 2019, Sep 2018, May 2018, Sept 2017, Jan 2014, and Sep 2013

• Continuing education in Advocacy Bar Exam Skills , Business Organizations, Civil Procedure, Constitutional Law, Contracts, Criminal Law , Criminal Procedures, Drafting Equity & Remedies, Evidence, Introduction to Law I , Personal & Prof. Responsibility, Property, Research & Writing, Secured Transaction, Taxation Torts, Wills, Estates, and Trusts +
• Elected to President for Amnesty International Student Organization Law Student Association in 2013 and 2014.
• Member of WMU-Cooley Homeland and National Security Emergency Response & Education Association, Homeland and National Security Law Review, International Law Society, and Amnesty International.

Professional development completed in:

• HIS 101 History of Western Civilization
• HIS 103 United States History to 1865
• POL 100 American National Government University Writing Seminar
• HIS 102 History of Western Civilization II
• HIS 104 United States History since 1865
• HIS 300 Introduction to Historiography and Methods
• POL 210 Introduction to the American Legal System History Core Elective
• POL 211 The Trial in American Life
• HIS 490 History Seminar
• POL 410 American Constitutional Law
• GEO 202 Cultural World Geography
• HIS 300-400 level Elective
• HIS 491 Research Seminar
• POL 411 Constitutional Encounters
• BUS 352 Business Law ENG 300-400 level Elective
• HIS 300-400 level Elective
• POL 450 Internship
• ENG 300-400 level Elective
• POL 451 Internship
• HIS/POL 300-400 level Elective
• POL Advanced Elective