Lydia Payne-Johnson
Herndon,VA
Summary
Strategic executive with expertise in sustainable data governance and cybersecurity compliance. Specializes in security frameworks and international data protection laws, delivering risk-centric solutions aligned with business objectives. Drives team building and operational efficiency to enhance growth and profitability.
Overview
26
26
years of professional experience
1
1
Certification
Work History
Senior Consultant/Independent Contractor
Zaviant, LLC.
<ul>
<li>Evaluated bank and fintech operations for GDPR readiness and compliance, verifying compliance with regulatory standards.</li>
</ul>, DC
11.2025 - Current
- Evaluated bank and fintech operations for GDPR readiness and compliance, verifying compliance with regulatory standards.
Director, Data Governance, Compliance and Identity Management
George Washington University
Virginia, Virginia
01.2023 - 10.2025
- Revitalized GW’s data governance program, enhancing data stewardship engagement, processes, and data quality; fostered increased data literacy and awareness.
- Chaired Data Governance Committee, driving alignment on governance practices and identity protocols.
- Led development of university data governance policy, data classification standard, AI governance.
- Engaged with Business Intelligence and Platform Services, ensuring effective data management and compliance across university systems.
- Partnered with Privacy, Research Compliance, Legal, academic and administrative stakeholders.
- Managed Collibra Data Governance platform.
- Oversaw Identity team in rollout of Risk-Based Access Controls aligned with the Ellucian Banner platform.
Director, IT Security, Identity Management and Cybersecurity Risk
George Washington University
Virginia, Virginia
09.2020 - 01.2023
- Developed 5-year IT Security maturity roadmap that expanded cybersecurity awareness, expanded Identity governance and administration (IGA), training initiatives that included mandatory training modules for acceptable use and cybersecurity risk.
- Formed Identity Governance Committee and led people change efforts for implementation of One Identity Manager platform and university-wide adoption of two-factor authentication.
- Implemented OneTrust platform, matured IT risk register, reporting and risk metrics.
- Revamped GWIT policies to enhance security compliance and align with industry standards.
- Managed integration of enhanced 3rd party security reviews into procurement process to mitigate supply chain risks.
Senior IT Security and Risk Analyst
George Washington University
Virginia, Virginia
01.2019 - 08.2020
- Developed cybersecurity risk management framework for GW IT to enhance overall security posture.
- Prepared quarterly risk assessment reports for university projects and initiatives.
- Streamlined intake processes for research Data Sharing Agreements and Data Use Agreements.
Chief Privacy Officer
Freddie Mac
Virginia, Virginia
03.2011 - 06.2018
- Established business-centric, risk based and sustainable privacy compliance program and initiatives for securing sensitive consumer and employee information, including policies and standards.
- Executed 5-year strategy and roadmap for enterprise privacy compliance program that resulted in wholesale culture change that raised awareness and increased compliance around safeguarding sensitive information.
- Implemented Privacy Champions program and committee.
- Led governance and sustainability initiatives within Three Lines of Defense model for monitoring, testing, training, and compliance with corporate standards, fostering a culture of accountability.
- Key interface with internal audit, FHFA regulators and Board.
Chief Privacy Officer
CIT Group, Inc.
New Jersey, New Jersey
12.2008 - 01.2011
- Designed and implemented the company’s inaugural privacy program across all business lines.
- Partnered with security and risk teams to integrate data loss prevention, threat intelligence, and data classification, strengthening overall data protection.
- Delivered cost efficiencies while enhancing enterprise compliance posture.
New York
PriceWaterhouseCoopers (PwC)
New York, New York
06.2007 - 09.2009
- Advised financial and academic institutions on cybersecurity, privacy, risk, and compliance to enhance their regulatory adherence and risk management practices.
- Led cross-functional teams to enhance service delivery and operational efficiency.
- Managed client relationships to ensure satisfaction and project alignment with goals.
- Developed strategic plans for project execution and resource allocation.
Executive Director, Chief Privacy Officer
Morgan Stanley
New York, New York
01.2000 - 06.2007
- Established first global privacy compliance program, ensuring adherence across lending and banking operations.
- Collaborated with legal, compliance, marketing, and division teams to align privacy strategies and enhance compliance efforts.
- Served as primary liaison for auditors and regulators, maintaining compliance and fostering trust in privacy practices.
Education
J.D. -
New York Law School
New York, NYNew York, NY
B.A. - Music
Hunter College-CUNY
New York, NYNew York, NY
Skills
- Cybersecurity protection
- Incident response
- Risk management
- GDPR compliance
- Privacy compliance
- Data regulations
- Data strategy
- Change management
- Team leadership
- Effective communicator
Certification
• Certified Information Privacy Professional (CIPP)
• Artificial Intelligence Governance Professional (pending)
• Executive Leaders Academy, EDUCAUSE
• 2025 Cybersecurity and Privacy Horizon Action Plan Certification, EDUCAUSE
• Certificate, The Securities Institute, Wharton School of Business
• Certificate, Leadership and Strategic Impact, Tuck Executive Education Program
• GIAC Certified Law of Data Security and Investigations
• Prosci Certified Change Practitioner
• Senior Fellow, Center for Digital Government
• Artificial Intelligence Governance Professional (pending)
• Executive Leaders Academy, EDUCAUSE
• 2025 Cybersecurity and Privacy Horizon Action Plan Certification, EDUCAUSE
• Certificate, The Securities Institute, Wharton School of Business
• Certificate, Leadership and Strategic Impact, Tuck Executive Education Program
• GIAC Certified Law of Data Security and Investigations
• Prosci Certified Change Practitioner
• Senior Fellow, Center for Digital Government
Timeline
Senior Consultant/Independent Contractor
Zaviant, LLC.
11.2025 - Current
Director, Data Governance, Compliance and Identity Management
George Washington University
01.2023 - 10.2025
Director, IT Security, Identity Management and Cybersecurity Risk
George Washington University
09.2020 - 01.2023
Senior IT Security and Risk Analyst
George Washington University
01.2019 - 08.2020
Chief Privacy Officer
Freddie Mac
03.2011 - 06.2018
Chief Privacy Officer
CIT Group, Inc.
12.2008 - 01.2011
New York
PriceWaterhouseCoopers (PwC)
06.2007 - 09.2009
Executive Director, Chief Privacy Officer
Morgan Stanley
01.2000 - 06.2007
J.D. -
New York Law School
B.A. - Music
Hunter College-CUNY