Rachal Cronin

• Led a cross-functional team to complete 400+ privacy risk reviews, achieving 85% review finalization within 5 days while ensuring compliance with GDPR, CCPA, and other global privacy requirements.
• Designed and facilitated bi-annual privacy training for 50+ engineers and product managers, improving risk awareness and reducing evidence submission timelines by 60%.
• Developed and implemented privacy escalation processes, enhancing risk visibility and decision-making efficiency for senior leadership.
• Engaged with regulators and senior leadership to create an intake process for upcoming regulations or high impact privacy inquiries to identify company-wide privacy positions and identify gaps in safeguards.
• Drove adoption of privacy-by-design principles, embedding risk mitigation strategies into high-impact product decisions.
• Managed privacy incident identification and response process to drive resolutions in a 10 day SLA.
• Spearheaded tooling design review programs, connecting over 35+ design members with privacy analysts to identify and implement tooling improvements.

• Led a team of Privacy & Risk analysts to perform annual product risk assessments (GDPR, NIST 800-63, SOC II, PCI DSS) for 200+ assets, identifying regulatory compliance gaps across privacy, security, and identity management.
• Partnered with legal, product, and security teams to establish privacy impact assessment frameworks and data governance policies.
• Developed a risk prioritization framework, consolidating risk sources to provide executive-level decision support and drive enterprise-wide solutions.
• Supported vendor management by designing vendor compliance assessment procedures to ensure alignment with privacy requirements.

Led privacy impact assessments and data subject access request implementation for global clients, ensuring compliance with GDPR and CCPA.

• Designed incident response playbooks and risk mitigation strategies, strengthening global security and privacy programs for Fortune 500 clients.
• Conducted cybersecurity audits (ISO 27001, SOC II, NIST CSF) as part of incident response processes and recommended critical security control improvements.
• Facilitated privacy and cybersecurity tabletop exercises for senior leadership enhancing incident response readiness.