Saundra Kae Rubel
Lincoln City,OR
Summary
Dynamic, meticulous privacy professional adept at monitoring regulatory requirements and developing privacy and data security programs. With 19 years of privacy experience, creates and implements privacy and compliance strategies to protect information and reduce risk, using tactical skills to reach corporate objectives and create competitive differentiators. Achieved positions of increasing responsibility by exceeding overall performance expectations, highlighting outstanding leadership abilities, and consistent creation of reliable privacy programs. Dedicated to following laws and regulations ensuring company compliance and data protection. Management of 5-10 team members. Willingness to learn and adapt to company specific data protection programs while providing high-caliber business data security.
Results-driven management professional with proven ability to lead teams to success. Strong focus on team collaboration, operational efficiency, and achieving measurable outcomes. Adept at strategic planning, process improvement, and fostering culture of accountability and excellence. Known for adaptability and consistently meeting changing organizational needs.
Talented Manager with expert team leadership, planning, and organizational skills built during successful career. Smoothly equip employees to independently handle daily functions and meet customer needs. Diligent trainer and mentor with exceptional management abilities and results-driven approach.
Collaborative leader partners with coworkers to promote engaged, empowering work culture. Documented strengths in building and maintaining relationships with diverse range of stakeholders in dynamic, fast-paced settings.
Encouraging manager and analytical problem-solver with talents for team building, leading and motivating, as well as excellent customer relations aptitude and relationship-building skills. Proficient in using independent decision-making skills and sound judgment to positively impact company success. Dedicated to applying training, monitoring and morale-building abilities to enhance employee engagement and boost performance.
Dedicated [Industry] professional with a history of meeting company goals utilizing consistent and organized practices. Skilled in working under pressure and adapting to new situations and challenges to best enhance the organizational brand.
Customer-focused professional with successful [Number]-year career in [Industry] sector. Dynamic successful applying [Skill] and [Skill] in busy business environment.
Experienced leader with strong background in guiding teams, managing complex projects, and achieving strategic objectives. Excels in developing efficient processes, ensuring high standards, and aligning efforts with organizational goals. Known for collaborative approach and commitment to excellence.
Detail-oriented individual with exceptional communication and project management skills. Proven ability to handle multiple tasks effectively and efficiently in fast-paced environments. Recognized for taking proactive approach to identifying and addressing issues, with focus on optimizing processes and supporting team objectives.
Overview
25
25
years of professional experience
1
1
Certification
Work History
HITRUST Sr. Standards Manager
HITRUST Alliance
Lincoln City, OR
09.2021 - 02.2026
- Senior team leader for MyCSF database, writing matrix controls for all ISO, NIST, RMF, International Artificial Intelligence [AI], CyberSecurity, data protection, privacy, legal instruments, risk best practices, & frameworks, ensuring reliable complementary controls across a multitude of international compliance standards.
- Designed and automated control testing and evidence collection to reduce manual effort and improve accuracy for compliance initiatives.
- Championed security, compliance, and data governance strategies, including data deletion, retention, and storage processes.
- Excellent foundational knowledge of the MyCSF database having mapped over a 100 disparate legal instruments to ensure clients controls are covered leading to successful HITRUST CSF certification: working knowledge of ISO, NIST 800-53, AI, CSF, Privacy, RMF, & other prominent security control frameworks.
- Managed Client CSF readiness assessments, identifying and documenting substantial control gaps, validating treatment plans, & reducing risk exposure for more complete risk profiles.
- Sabbatical March 2018 – September 2021
- Led cross-functional teams to enhance compliance frameworks and streamline operational processes.
- Developed and implemented strategic initiatives to improve data security assessments across client organizations.
- Analyzed industry trends to inform policy development and drive organizational efficiencies in compliance operations.
- Oversaw audit processes ensuring adherence to HITRUST standards while identifying areas for operational enhancement.
- Managed project timelines and deliverables, ensuring alignment with organizational goals and stakeholder expectations.
- Accomplished multiple tasks within established timeframes.
- Led cross-functional teams to achieve project goals, fostering collaboration and innovation.
Privacy Officer / HIPAA-GDPR
APN at Phillips Neuro
12.2017 - 03.2018
- Advised client on HIPAA/GDPR readiness including PIAs/DPIAs, data mapping, incident response plans, subject access requests (SAR), project plans, incident response plans and other required artifacts.
Senior GRC Compliance / Compliance
HCL Tech
01.2017 - 12.2017
- Assessed operations to define all privacy requirements; implemented all necessary standards, policies, and plans guaranteeing solid security protocols over SOC, SOx, HIPAA and ISO2700x frameworks and regulations.
- Tested, evaluated, and remedied internal controls through collaborative efforts with Security, Internal and External Audit, Technology, and other management and stakeholders to ensure compliance throughout all projects.
Security/Compliance Engineering Manager
Cavirin
05.2016 - 09.2016
- Drove the project for adding new control frameworks to the Cavirin product line.
- Performed QA activities which identified bugs and/or missing content in existing product implementation of policy packs, control frameworks, and compliance.
- Handled security and compliance research to create and implement solution summaries and data models.
- Provided continuous maintenance of all laws, frameworks, and standards within the expected GRC portal.
- Mapped security procedures to standards: NIST 800-53 r4 + Appendix J, ISO 27002, SOC II, PCI DSS 3.2, CIS CSC, NIST CSF, and HIPAA-HITECH.
- Introduced security frameworks to Cavirin, such as CJIS Security Policy, NERC CIP, FFIEC IT Handbook, and UK Cyber Essentials, through spreadsheet and database models.
Privacy, CyberSecurity Officer
Proteus
05.2015 - 02.2016
- Built out, executed, and directed Cyber Security, Privacy, and Medical Devices Product Programs.
- Established, initiated, and sustained privacy, security, cybersecurity and medical product policies and procedures.
- Reviewed and revised product policies and practices to prevent, detect and respond appropriately to potentially non-compliant practices.
- Performed 510(k), Privacy and Cyber Security by Design, 13485/14971/2700x/27018 Assessments, and Secure Software Development Lifecycle related duties.
- Sabbatical April 2014 – April 2015
Data Privacy and Security Vendor Consultant/Senior Integrated Controls
Kaiser
12.2014 - 03.2015
- Created the Test Once, Satisfy Many project philosophy through the mapping of security policies to standards and mapped various controls frameworks such as, HIPAA, CIS, CSC, SOC, SOx, UCF, 2700x and internal controls.
- Precisely assessed all frameworks to ensure proper data security protocols were followed based on company and government laws.
- Interpreted appropriate local, state, and, federal laws and regulations to ensure company compliance.
- Drafted data flows based on complex system processes for international companies showcasing how data flows in and out of the organization, at rest and in motion, on site and with third party vendors.
- Performed IT related risk analysis guaranteeing discretion while safeguarding company and client data.
Vendor Security Compliance Manager
Apple IS&T
04.2013 - 03.2014
- Frontrunner of the 2700x Vendor Assessment Project for new/unreleased product vendors utilizing 2700x criteria.
- Designed project objectives, created vendor assessment programs, and collaborated with third party vendors to deliver effective project management, RoI, cost analysis, deliverables, and milestones.
Senior Privacy Compliance Analyst/Marketing Privacy Program Manager
Cisco
02.2012 - 11.2012
- Managed all Cisco marketing privacy initiatives and vendors; provided company-wide global data compliance.
- Interpreted applicable requirements in internal processes for the continuation of global compliance programs.
- Spearheaded the Data IT Privacy Framework Program, developing company-based project methodology including stakeholder participation.
- Delivered Enterprise data protection proficiency in the handling, encrypting, organizing, and archiving of all personally identifiable data.
Senior IT Data Privacy Compliance Manager
NetApp
01.2010 - 01.2011
Senior IT Data Privacy Compliance Program Manager, CPO-1
Symantec
01.2008 - 01.2010
Privacy, Data Protection, Information Security Officer
Sole Proprietor
01.2001 - 01.2008
Skills
- Skilled at turning complex privacy issues into succinct, solid plans and actions
- Outstanding confidentiality compliance and communication skills
- Influential leader guaranteeing positive impact resulting in high-performance teams
- Customer service
- Team leadership
- Time management
- Decision-making
- Verbal and written communication
- Complex Problem-solving
- Task delegation
- Goal setting
- Documentation and reporting
- Relationship building
- Strategic planning
- Project management
- Cross-functional teamwork
- Project planning
- Conflict resolution
- Policy implementation
- Budget control
- Work prioritization
- Policy and procedure development
- Data analysis
- Risk management
- Change management
- Regulatory compliance
- Teamwork and collaboration
- Attention to detail
- Positive attitude
- Problem resolution
- Problem-solving
- Excellent communication
- Organizational skills
- Work Planning and Prioritization
- Managing operations and efficiency
- Scheduling and coordinating
- Professional and courteous
- Good judgment
- Process improvement
- Active listening
- Interpersonal relations
- Schedule management
Certification
Certified Information Privacy Professional/United States (CIPPUS), IAPP, Issued Jan 2008
Fellow in Information Privacy (FIP), IAPP, Issued Feb 2018
Certificate of Cloud Security Knowledge (CCSK), CSA, Issued Feb 2010
Certified HIPAA Professional (CHP), HIPAA Academy, Issued Jul 2009
Certified HIPAA Security Specialist (CHSS), HIPAA Academy, Issued Jul 2009
Certified Information Privacy Professional/IT (CIPT), IAPP, Issued Oct 2010
Certified Information Privacy Professional/Government (CIPP/G), IAPP, Issued Oct 2008
Certified Information Privacy Professional (CIPP), IAPP, Issued Oct 2004
Certified Data Privacy Solutions Engineer (CDPSE), ISACA, Issued May 2020
Timeline
HITRUST Sr. Standards Manager
HITRUST Alliance
09.2021 - 02.2026
Privacy Officer / HIPAA-GDPR
APN at Phillips Neuro
12.2017 - 03.2018
Senior GRC Compliance / Compliance
HCL Tech
01.2017 - 12.2017
Security/Compliance Engineering Manager
Cavirin
05.2016 - 09.2016
Privacy, CyberSecurity Officer
Proteus
05.2015 - 02.2016
Data Privacy and Security Vendor Consultant/Senior Integrated Controls
Kaiser
12.2014 - 03.2015
Vendor Security Compliance Manager
Apple IS&T
04.2013 - 03.2014
Senior Privacy Compliance Analyst/Marketing Privacy Program Manager
Cisco
02.2012 - 11.2012
Senior IT Data Privacy Compliance Manager
NetApp
01.2010 - 01.2011
Senior IT Data Privacy Compliance Program Manager, CPO-1
Symantec
01.2008 - 01.2010
Privacy, Data Protection, Information Security Officer
Sole Proprietor
01.2001 - 01.2008