Summary
Overview
Work History
Education
Skills
Accomplishments
Certification
Timeline
Personal Information
Generic

Damon Johnson

Grayson,GA

Summary

Seasoned Privacy and Compliance Program Manager with a proven track record of over five years in technology. Known for spearheading the evaluation and implementation of privacy and risk solutions for new products and features, holding certifications in information privacy, fraud examination, and risk management assurance. Successfully drove uniform data governance and standards across teams and business partners at Meta and Northrop Grumman, ensuring compliance with global data privacy laws such as CCPA and GDPR, while collaborating effectively with cross-functional teams to facilitate discussions and coordinate privacy efforts. Applied deep technical and analytical skills to solve engineering problems and optimize data processes.

Overview

20
20
years of professional experience
1
1
Certification

Work History

People Analytics Governance Manager

Allstate
06.2024 - Current
  • At Allstate, I lead governance strategy for enterprise HR data, driving compliance, privacy, and analytics alignment across our People Analytics portfolio.
  • I created and launched the 'Governance by Design' program, embedding scalable governance into cross-functional workflows - starting with Workday Access Security, Power BI dashboards, and Microsoft Fabric.
  • I collaborate across HR, security, and technology teams to safeguard employee data, promote responsible analytics, and ensure global privacy compliance.
  • My work bridges technical systems with business impact, empowering informed decisions and ethical data use.

Senior Digital Compliance Manager

Newell Brands
09.2023 - 01.2024
  • As the Senior Manager of Digital Compliance at Newell Brands, I led and managed time-sensitive privacy projects, ensuring their completion by 2023 in compliance with global data privacy laws.
  • Serving as a key liaison between Data Privacy, Legal, and Digital Technology, I facilitated the implementation of privacy technologies, conducted audits, and integrated data privacy into business processes.
  • Proficient in web analytics, consent management, and collaboration, I provided technical guidance for compliance, and staying current on regulations.
  • In my role, I demonstrated strong project and program management skills, overseeing and executing global privacy operations for Digital Marketing.
  • My responsibilities included implementing privacy compliance checks, creating training documents, managing user queries, and conducting Privacy Impact Assessments (PIAs).
  • I am adept at aligning privacy initiatives with corporate rules and ensuring compliance with data privacy laws.

Privacy Program Manager

Meta
06.2022 - 08.2023
  • During my tenure at Meta, I led the cross-functional evaluation of privacy and risk for new products and features, overseeing evaluations of consumer product privacy.
  • Collaborating extensively with legal, public policy, product marketing, and security departments, I identified and addressed potential privacy challenges related to GDPR and CCPA compliance.
  • This also involved reviewing content generated by the Large Language Model (LLM) for privacy concerns and ensuring alignment with regulatory requirements.
  • Facilitating discussion and coordination between product managers and privacy stakeholders across various teams, including legal, public policy, product marketing, security, and communications, I chaired weekly cross-functional meetings to ensure alignment on privacy initiatives.
  • Furthermore, thorough risk assessments were conducted to identify and evaluate potential risks to the organization.
  • Working closely with product managers and other privacy stakeholders, consensus around innovative solutions to privacy-by-design issues was developed and promoted.
  • New product proposal updates, key decisions, and status reports were meticulously tracked and documented, ensuring effective communication of privacy decisions to the larger cross-functional team and overseeing their correct implementation.
  • Additionally, active participation in internal and external audits for Governance, Risk, and Compliance (GRC) ensured compliance with regulatory requirements and internal policies at Meta.
  • Comprehensive risk management strategies and plans to mitigate and control identified risks were developed, further strengthening Meta's privacy and compliance framework.

Sr. Global Privacy and Information Management Analyst

Northrop Grumman
05.2021 - 06.2022
  • Implement and drive uniform data governance and standards across Northrop Grumman teams and business partners, leveraging the National Institute of Standards and Technology (NIST) framework to ensure robust data management practices.
  • Spearheaded efforts to ensure compliance with both the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), incorporating NIST framework principles for effective data protection.
  • Understand and communicate privacy requirements mandated by CCPA and GDPR, applying NIST framework best practices to facilitate clear communication with business and technology partners.
  • Foster a culture of data protection and privacy awareness throughout the organization.
  • Create and maintain centralized databases of Data Maps and Flows, aligning them with CCPA and GDPR guidelines.
  • Utilize NIST framework principles to provide a clear overview of how personal data is processed, stored, and transmitted within the organization.
  • Perform Privacy Impact Assessments (PIAs) applying NIST framework methodologies.
  • Identify, evaluate, and explain overall privacy risks associated with new and existing business operations, especially those involving the processing, storage, or transmission of personal data, per CCPA and GDPR requirements.
  • Supervise and implement day-to-day project management for large-scale endeavors, incorporating CCPA and GDPR compliance principles, as well as NIST framework guidelines, into planning, execution, and reporting stages.
  • Formulate privacy-focused plans, manage workstreams with data privacy considerations, conduct stakeholder follow-up addressing privacy concerns, provide status reports with privacy compliance updates, and resolve privacy-related issues during project execution.

Senior Data Privacy Manager

WarnerMedia
10.2019 - 05.2021
  • As Senior Data Privacy Manager at WarnerMedia, I spearheaded the implementation of the California Consumer Privacy Act (CCPA) intake process across WarnerMedia brands using OneTrust.
  • Through close collaboration with the Global Privacy Office, Data Owners, Compliance, IT, Legal, Security, and other stakeholders, I ensured consistent enforcement of privacy rules enterprise-wide.
  • My role extended to conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to identify data vulnerabilities and provide strategic guidance on data protection.
  • Additionally, I played a hands-on role in configuring website cookie consent mechanisms to align with provided cookie inventory and contributed to the development and revision of privacy policies, standards, procedures, and guidelines, ensuring WarnerMedia's compliance with evolving regulatory requirements and industry best practices.
  • Overall, my tenure at WarnerMedia as Senior Data Privacy Manager was marked by a commitment to excellence in privacy program management, strategic leadership in addressing privacy challenges, and effective collaboration with cross-functional teams to uphold the highest standards of data protection and privacy compliance.

Sr. Information Security Analyst

Manhattan Associates
08.2018 - 12.2019
  • In my role as a Senior Information Security Analyst at Manhattan Associates, I played a central role in overseeing the end-to-end IT General Controls (ITGCs) essential for the Sarbanes-Oxley (SOX) compliance program, leveraging the ServiceNow GRC tool to ensure comprehensive compliance with data protection regulations.
  • We focus on key areas such as access controls, change management, and data integrity, ensuring that our systems and processes adhere to the highest standards of security and regulatory requirements.
  • Collaborating closely with stakeholders and VPs, we conducted in-depth security and privacy risk assessments to identify vulnerabilities and areas for improvement.
  • Drawing upon my extensive expertise, implement governance policies rooted in industry best practices and aligned with recognized frameworks such as NIST and COBIT.
  • These policies provided a robust foundation for our security practices, guiding our organization to effectively manage risks and maintain compliance.
  • Furthermore, I led technical risk assessments to evaluate our infrastructure and systems, creating prioritized remediation roadmaps to address identified vulnerabilities proactively.
  • Additionally, I spearheaded projects aimed at integrating foundational security controls into new platforms and services from the ground up, ensuring that security considerations were seamlessly embedded into our development processes.
  • Through these multifaceted efforts, I contributed to reinforcing Manhattan Associates' commitment to robust security practices and regulatory compliance, safeguarding our data and infrastructure against evolving threats.

Risk Analyst

ADP
08.2015 - 08.2018
  • GDPR compliance project leader; responsible for end-to-end GDPR adoption for ADP applications and services using (RSA Archer) platform to manage progress.
  • Understand compliance standards and translate them into business and data management requirements in the form of user stories/functional specifications or business change documentation.
  • Data Flow Mapping of ADP products/services/applications to identify potential gaps or findings.
  • Conducting meetings and presentations to share ideas and findings.
  • Monitoring deliverables and ensuring timely completion of projects.
  • Managing projects, developing project plans, and monitoring performance.
  • Updating, implementing, and maintaining procedures.
  • Managing competing resources and priorities.
  • Staying up-to-date on the latest process and IT advancements to automate and modernize systems.

Manager of Internal Audit

ExamWorks
11.2011 - 07.2014
  • During my tenure at ExamWorks, a pivotal role was played in ensuring compliance with the Sarbanes-Oxley Act (SOX) by coordinating and overseeing all aspects of SOX controls testing, working closely with Deloitte to ensure rigorous testing procedures and accurate reporting.
  • This involved meticulously reviewing and evaluating internal controls related to financial reporting, including those on revenue recognition, expense accruals, and asset valuation, among others.
  • Spearheaded efforts to identify control deficiencies and implement remediation plans to strengthen internal controls and mitigate financial risks.
  • In addition to managing SOX controls testing, developed financial and operational audit universes to comprehensively assess enterprise-wide business risks and formulate effective audit plans.
  • This involved conducting risk assessments, identifying key audit areas, and designing audit procedures to evaluate the effectiveness of internal controls and compliance with regulatory requirements.
  • Also led the preparation of audit presentations for quarterly meetings with the Audit Committee and Executive Management, providing detailed insights into audit findings, control deficiencies, and recommendations for improvement related to SOX compliance.
  • Through these efforts, contributed to strengthening ExamWorks' overall control environment, enhancing transparency and accountability in financial reporting, and safeguarding the integrity of ExamWorks' financial operations in accordance with SOX regulations.

Senior Internal Auditor

Sonepar USA
08.2005 - 11.2011
  • During my tenure at Sonepar USA, I played a pivotal role in coordinating and overseeing all aspects of SOX controls testing, collaborating closely with Ernst & Young (EY) to ensure compliance with regulatory requirements and internal policies.
  • This involved developing and implementing Hagemeyer/Sonepar worldwide standards of internal controls for the US subsidiary, including documenting key controls via flow charts, developing test plans, and performing testing of effectiveness.
  • Led the testing of over 100 controls throughout the company's accounting center, corporate offices, and branch locations, ensuring thorough compliance assessment and identifying areas for improvement.
  • In addition to managing SOX controls testing, I served as the auditor in charge of all operational audits of branches, storerooms, and distribution centers, executing on-site reviews, and preparing comprehensive audit reports with recommendations for management.
  • Developed an audit plan for several integrated supply operations aimed at controlling average cost issues with customer contracts.
  • This strategic audit plan contributed significantly to securing the renewal of contracts with major clients such as BMW and US Steel, each valued at over $100 million, in 2008 and 2009, respectively.

Education

Bachelor of Science - Business Administration - Management

College of Charleston
Charleston, SC
01.2001

Skills

  • Organizational governance

  • Relationship management

  • Ethics management

  • Teamwork and collaboration

  • Strategic planning

Accomplishments

  • Partnered with seven distinct business units to architect and implement Workday role-based security access, laying the foundation for a scalable, cross-functional “Governance by Design” framework at Allstate.

Certification

  • CIPP/US Cert Prep: 1 U.S. Privacy
  • Understanding and Prioritizing Data Privacy
  • Creating a Culture of Privacy
  • CRMA - Certification in Risk Management Assurance

Timeline

People Analytics Governance Manager

Allstate
06.2024 - Current

Senior Digital Compliance Manager

Newell Brands
09.2023 - 01.2024

Privacy Program Manager

Meta
06.2022 - 08.2023

Sr. Global Privacy and Information Management Analyst

Northrop Grumman
05.2021 - 06.2022

Senior Data Privacy Manager

WarnerMedia
10.2019 - 05.2021

Sr. Information Security Analyst

Manhattan Associates
08.2018 - 12.2019

Risk Analyst

ADP
08.2015 - 08.2018

Manager of Internal Audit

ExamWorks
11.2011 - 07.2014

Senior Internal Auditor

Sonepar USA
08.2005 - 11.2011

Bachelor of Science - Business Administration - Management

College of Charleston

Personal Information

Title: People Analytics Data Governance Manager

Similar Profiles

CREATE PROFILE
Damon Johnson