James Dawson recognizes and capitalizes on technology efficiencies. He is most effective in a leading-edge work environment, solving technical challenges, with a company that can offer domestic or international travel and opportunities for public speaking.

CIO | Information Governance | Global Technology Risk Management | IT Risk Audit Risk Responsibility Design | Privacy Risk Governance | Policy & Procedures Risk Management & Control | Litigation Readiness & Response | Information Management | eDiscovery | Cyber Security

  • Innovative thinker who presents complex issues in simple and concise ways and who has managed revenue of more than $15 Million
  • Recognized subject matter expert on podcasts and as a public speaker on information governance, Policy & data risk strategy
  • Influential communicator; successfully lead and manage risk change in global, multicultural, matrix environments
  • Associates risk more to people than technology; for a much more effective technology risk responsibility design remediation
  • Strong experience developing and implementing enterprise risk and information governance audit frameworks
  • Corporate counsel solutions for information lifecycle and governance of risk in litigation and dispute defense
  • Global privacy remediations successfully negotiated compromise despite leadership’s competing interests and goals  
  • Designed policies, procedures and risk control guidelines that are actionable with teams as large as 32 people

 

Executive Career History

Cyber Security Risk Specialist. King & Spalding, Atlanta, Georgia, USA (A global law firm of more than 1,200 lawyers operating in 160 countries worldwide.)

March 2021 - Present

I am the Cybersecurity Risk specialist protecting ESI in complex governance, risk and compliance (GRC) environments. I support information risk, compliance and information security programs with a focus on the firm’s Discovery Center and Practice Services. I am the liaison between Discovery Center / Practice Services and Information Security, Information Governance, and Conflicts & Business Review global operations. I apply my expertise in cybersecurity risk data management and protection efforts to all Discovery Center applications. I support IT and counsel in information security-related requirements and act as System and Vendor IT Risk advisor to support all compliance and security initiatives. I help define and maintain advanced security controls and features to support adequate prevention and detection capabilities related to the protection of client and firm information.

Responsible for:

  • Cyber risk analysis, information security, risk management and IT audit
  • Managing internal controls, risk assessments, business process and internal IT control testing or operational auditing
  • Client services technology and over 20 legal specific eDiscovery software including Relativity

I provide expert professional services to the firm in IT Governance, IT Risk, and Compliance. I am an expert in reasonable security controls to manage IT risk while enabling complex data intensive global business processes for the firm. (To get a feel for the data volume and cybersecurity complexity of the firm's data intensive business processes, note that K&S is managing thousands of matters at any given time and this is reflected in revenue of $1.53 billion last year, the firm’s 11th straight year of revenue and profit growth.)

___________

Danske Bank, Copenhagen, Denmark (a Nordic Consumer Banking and Wealth Management leader)

Head of IT Risk Management, Business Risk Controls, Group IT Security, CISO's Office June 2019 – July 2020

Developed, managed, and implemented the IT Risk Strategy program for the Corporate Operational Risk Committee and the office of the Chief Information Security Officer, a 175 Million Kroner ($16.8 Million USD) program that mitigates risk outlined by business needs, regulatory risk from the Financial Supervisory Authority (FSA) and other major risk issues within IT and Cybersecurity.

 

Accomplishments: Managed a team of 22 Danish, Lithuanian and Indian cyber security professionals, and acted as the bank’s IT Risk representative for the COVID-19 Crisis Management team. My work focused on data governance with a comprehensive and holistic approach to risk. I was tasked with designing and implementing the IT Cyber and Operational Risk Strategy for IT risk remediation within all bank wide operations. Because IT risks continue to be a high priority, Danske Bank brought me to Denmark to help strengthen the overall monitoring of and resilience to cybercrime and fraud and for overall improvements in the capabilities of the Security Operations Centre (SOC) and the Security Incident Response Team (SIRT). My work was based on practices of the US National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) for security incidents. My team reduced the response time for incident reporting to the office of the CISO both internally at Danske Bank and in collaboration with industry partners.

 

Was responsible for IT risk response to incident monitoring, which included ways to detect and avoid spoofing and phishing campaigns. For non-financial risks, I led the strengthening of the bank’s Enterprise Risk Management (ERM) framework, increasing the awareness of non-financial risks. I supported IT risk monitoring within data security areas of compliance. My work focused on conduct risk in line with the implementation of the General Data Protection Regulation (GDPR) and the requirements of the Markets in Financial Instruments Directive (MiFID II). We built risk mitigation around cyber security and other data security risks and improved customer due diligence processes to strengthen procedures to handle unusual incident activity alerts and developed and implemented an approach to identify, assess, and evaluate cyber security risk.

 

I was part of the lead team that supported executives responding to FSA observations on operational risk, where I was responsible for incident risk response and end-to-end investigation for regulatory response. I developed remediation in IT systems to improve the effective monitoring of IT risk and associated incident risk management to meet stringent ISO/IEC 27001 requirements, NIST SC1/SC2 systems policy & procedures along with remediation to meet EU legislation, IT risk and security demands for regulatory orders to the bank regarding their handling of IT risks.

 

I led the IT risk and security monitoring of mission critical processes including software development, change control, processes sourced to third parties and new banking products or services. In addition to managing the bank’s IT risk and controls register, I oversaw the IT risk response to incidents to ensure that risk factors were addressed in compliance to policy and with consideration for business objectives. Team delivered PCI-DSS standards, implemented the European Banking Authority (EBA) risk taxonomy, and adopted the bank’s Global Operational Risk Database to eCommerce banking.

 

Supported the bank’s IT Architect in DMARC/DKIM/SPF controls and associated requirements in the bank’s communications domains. Responded to internal audit findings, external audit observations from FSA regulators, and was responsible for regulatory response including notifiable IT events, MiFID reviews and data loss or corruption events from an information security and technology risk perspective. In addition to my team, I also managed more than 12 outside consultant teams (some with as many as 6 people in the team) and engaged advisory third parties by writing RFI or RFPs for procurement. I also oversaw the responses to all IT security and risk questionnaires.

 

Using the ServiceNow GRC tool, I managed the registration and lifecycle tracking of identified risks and control actions including KRIs and KPIs for reporting to the board of directors, senior leadership, and other operational risk committees. I developed a cyber and IT risk controls catalog in line with Group IT’s risk appetite and recommended tolerance levels to support regulatory compliance in 13 countries of operation and to meet business objectives. While managing the IT risk register, we also maintained a risk aware culture where risk & control owners are responsible and accountable for remediating their monitored risks.

 

I managed a security and risk assessment team of 19 people and we monitored more than 10 IT risk assessments at any given time. We regularly assessed controls to see that they effectively mitigated associated risks. We applied the risk framework along with leading practices to manage APTs to the bank’s policies and standards and support the 2nd line’s update and compliance to these policies. We associated to identified risk or threats temporary exemptions to policy with milestones to get to compliance and allowed for a “risk acceptance process” for IT risk that could not be brought into compliance.

 

FREDDIE MAC, McLean, VA (public government-sponsored enterprise operating in the secondary mortgage market)

Director, Information Governance & Data Risk Strategy - Enterprise Information Lifecycle Management 2018-2019. (also, HR Diversity and Inclusion head for Enterprise Operations)

 

Developed and implemented the approach and strategy for Data Risk and Governance of Enterprise Information Lifecycle, a $12 Million-dollar program that mitigated risk outlined in the FHFA Advisory Bulletins and other matters requiring attention (MRAs).

 

Accomplishments: Designed and implemented the Information Risk Strategy for enterprise-wide risk-based data remediation, risk-based compliance, data governance and information lifecycle for all structured and unstructured data including IT audit for compliance processes and regulatory controls. I was responsible for milestones for the development and implementation of technology capabilities and risk mitigation for the effective use, risk reduction and value realization of information assets across the organization. Established the governance structure for the “business advocate” to ensure technology capabilities supported business needs while maintaining focus on operational risk.

 

Designed, developed, and deployed ways to strengthen, enhance, and promote the information risk management program as Freddie Mac became more “data compliance driven” in decision making and led the management of an information governance function, data quality monitoring, and the master data management initiatives in all lines of business. Identified weaknesses, improved preventative controls, and improved maturity in managing information assets. Built the foundation for the long-term Information Lifecycle Management (ILM) program for Freddie Mac with three staff and 15 year-round consultants (a $5 Million-dollar budget in the first year). Provided guidance for oversight of Freddie Mac's compliance with the Information Risk Policy and the related Information Classification & Handling standard. Built the governance model for the Information Risk Program for the sustainable target Enterprise Information Lifecycle Management operating model for Information Risk control effectiveness. Built the enterprise strategy and approach for information lifecycle (Collection, Classification, Usage, Protection, Storage, Retention, Disposal). Designed the single enterprise “Functional Charter and Shared Vision” for an enterprise which was trying to manage information risk in silos. Demonstrated that information has become “the currency of business” and its key characteristics of confidentiality, integrity, and availability: crucial to a successful risk conscious business environment. Built private data process analysis for all PII within the organization.

 

Additional Achievements at Freddie Mac:

  • Improved data quality, risk avoidance and mitigation using a risk-based information lifecycle strategy.
  • Managed and prioritized budgets while partnering with 1st, 2nd, and 3rd Lines of Defense.
  • Created an innovative “information lifecycle management design” that supports the Freddie Mac culture
  • Significantly reduced risk and bettered regulatory relationships, response to MRAs and compliance exams
  • Generated significant savings and cost avoidance through industry informed ILM and Data Governance

KPMG LLP, NY, NY (Global Advisory Services)

Director, Strategy and Governance, Cyber and Forensic Technology Services – Regulatory Risk 2009-2018

 

Performed technical delivery on a portfolio of millions of dollars annually. Responsible for managing the entire process from demand creation, closing sales, budgeting, executing the contract and delivering the work.

 

Accomplishments:

  • Designed and delivered data risk transformation for Statement on Standards for Attestation Engagements (SSAE) and information governance for corporate legal departments in regulatory recordkeeping, data Policy & Procedures, discovery, supervision, surveillance compliance and related data governance challenges - Resulted in significant risk reduction and cost savings in the millions of dollars
  • Assessed and delivered early California Consumer Privacy Act (CCPA) surveys and data use reviews to see that the organization was compliant to expected regulation for online customers (such as their California residents) so they could easily opt-out of having their data shared or sold and recommended opt-out links on consumer home pages (implemented consumer protection regulation that was anticipated but was not required by law at the time of the assessment).
  • Managed complex information lifecycle issues to meet defensible data reduction for corporate general counsel (which was a success because defensible data destruction saved the organization $6 million over 5 years)
  • Designed global information governance in multiple industry verticals and multi-terabyte data investigations including PDIQs (Personal Data Inventory Questionnaires) for US and EU business
  • Delivered several global Policy & Procedures assessments for broker-dealer compliance in global banking organizations
  • Delivered application-based data controls to meet high risk procedures for regulated data use, controller/processor data security and storage requirements, data erasure and portability requirements
  • Delivered cybersecurity intrusion and risk vulnerability assessments and provided corporate strategy for cybersecurity risk tolerance and assessment for internal audit and compliance departments in complex global institutions
  • Designed cross country data management strategies to support global regulatory risk mitigation in client data
  • Delivered mitigation strategies for regulatory citations, financial record exams, legal data disputes, reconstructed trading data, disputed communications and related global Records Policies and Retention Schedule improvements
  • Designed multi-country Record Policies and Retention Schedules eliminating conflicts and providing accurate record harvesting processes for corporate legal departments - Resulted in much lower legal cost to avoid retention conflicts
  • Developed index / search / retrieval strategies for several hundred terabytes of corporate compliance record assets
  • Built information governance models for global corporations with multiple procedural control structures and stakeholders
  • Advised counsel on cybersecurity requirements for quality standards in banking/broker-dealers/futures merchants, along with the remediation of business-critical information assets including data credibility, data domicile, data dictionaries, cross-country data sharing and privacy challenges
  • Designed effective risk governance structures and program management for enterprise risk management committees
  • Designed data lineage analysis for anti-money laundering (AML) investigations where evidence challenges required precise data assessments / technical reporting to risk committees helping this Fortune 100 Company avoid significant risk and fines
  • Supported matter management for corporate organizations with multiple operations globally
  • Managed projects for general counsel in record data merger support, internal audits, market disclosures and supervision for regulatory compliance, forensic analysis, ESI collection and defensible disposable processes
  • Negotiated and managed several multimillion-dollar vendor contracts in many enterprise technology areas including eDiscovery, Legal Archives, eMail Management, Hosted Review, Imaging and WORM compliant data storage
  • Designed and delivered successful and effective corporate governance structures and IGPMOs

 

Designed ILM Programs that have leveraged, enhanced, and delivered the following organizational risk mitigating capabilities for Data Governance:

  • Information Asset Management: Built capabilities to efficiently maintain information asset inventories, including elevated level asset metadata and classifications. Know your customer (KYC) identifying information assets fundamental for subsequent data classification, risk assessment, and lineage analysis, enabling an effective risk-based governance approach.
  • Enterprise Data Architecture and Strategy: Supported IT’s Enterprise Data Architecture enterprise view of the departmental Data Strategies within divisions that defines tactics for the entire lifecycle of information assets, from capture at the source through to disposal. Included processes for data security, access, storage, classification, retention, and disposal.
  • Metadata Management: Built capabilities to efficiently manage a Business Glossary of business metadata, Physical Metadata, Data Lineage, and end-to-end views of data lineage and data quality operational metadata.
  • Data Quality Management: Designed rules-based capabilities to efficiently define, measure and improve the quality of data, ensuring that it is fit-for-purpose and in alignment with the business needs that it serves.
  • Policy Risk Procedures Management: Built capabilities to identify, classify and protect data, including data encryption/masking at rest, in transit or in-process, identity and access management and protection against data loss.
  • Document and Content Management: Designed efficient file analysis, metadata and content extraction, security scanning, tagging, protection and enterprise content movement capabilities.
  • Data Retention, Archive, and Disposal: Identified, classified, and tagged retention rules for structured and unstructured data. Archived and retrieved data per retention rules. Disposed of data protecting the privacy of data, while meeting legal and regulatory requirements (e.g., immutability, legal hold).
  • Master Data Management: Built capabilities to integrate reference data into a composite “gold copy” sharing this with operational systems and reporting/analytics platforms.

 

MetLife, Long Island City, NY (Global Provider of Insurance and Financial Services)

 

Director, Litigation Support - Information Discovery, IT AD Litigation Support, Legal Affairs 2006-2009

 

  • Managed litigation and discovery in MetLife’s ITAD Litigation Support Legal Affairs Corporate Systems department supervising a team of 16 litigation support personnel and budget of more than $15 Million
  • Managed risk-based operations over several terabytes of discovery data
  • Created and implemented controls for customers to meet regulation over PII and PHI
  • Identified and recommended the best long-term direction for Legal Risk & Technology
  • Provided vendor strategy, maintained vendor grouping, cost reductions, and served as the gatekeeper for all legal vendors
  • Managed risk over matters, billing, planning, forensic analysis, collections, processing, and case production
  • Managed legal billing in matter management systems and invoice processing for more than $6 million in annual legal billing including scoping, scheduling and resources needed for legal projects and their interdependencies
  • Managed legal archive migrations and email messaging compliance issue in HP Autonomy archives
  • Adapted quickly to changing issues and challenges in a fast-paced operational environment
  • Managed risk and directed the contracts, security, transfer, and disposition of more than 15 terabytes of critical data assets for vendor case management systems including MetLife’s extremely sensitive legal assets

Mr. Dawson has designed ILM Programs that have leveraged, enhanced and delivered the following organizational risk mitigating capabilities required to deliver the vision and mission for Data Governance:

Information Asset Management: Capabilities to efficiently maintain information asset inventories, including elevated level asset metadata and classifications. Identifying information assets is fundamental for subsequent data classification, risk assessment, and lineage analysis activities, enabling an effective risk-based governance approach.  

Enterprise Data Architecture and Strategy: IT’s Enterprise Data Architecture enterprise view of the departmental Data Strategies within divisions that defines tactics for the entire lifecycle of information assets, from capture at the source through to disposal. Includes processes for data security, access, storage, classification, retention and disposal. 

Metadata Management: Capabilities to efficiently manage Business Glossary and Business metadata, Physical Metadata, Data Lineage, and end-to-end views of data lineage and data quality operational metadata 

Data Quality Management: Rules-based capabilities to efficiently define, measure and improve the quality of data, ensuring that it is fit-for-purpose and in alignment with the business needs that it serves. 

Data Privacy Management: Capabilities to identify, classify and protect data, including data encryption/masking at rest, in transit or in-process, identity and access management and protection against data loss.  

Document and Content Management: Efficient file analysis, metadata and content extraction, security scanning, tagging, protection and enterprise content movement capabilities. 

Data Retention, Archive, and Disposal: Identify, classify and tag retention rules for information including structured and unstructured data. Archive and retrieve data per retention rules. Dispose of data protecting the privacy of data, while meeting legal and regulatory requirements (e.g., immutability, legal hold). 

Master Data Management: Capabilities to integrate reference data into a composite “gold copy” record sharing this with operational systems and reporting/analytics platforms. 


    ADDITIONAL PRIOR EXPERIENCE:

    Metropolitan Life Insurance Company, LIC, NY
    (Global Provider of Insurance and Financial Services)
    Director, Litigation Support - Information Discovery, IT AD Litigation Support, Legal Affairs

    James Dawson is Director of Litigation Support Information Discovery in MetLife’s ITAD Litigation Support Legal Affairs Corporate Systems department. His responsibilities include working with MetLife’s in-house counsel to support all phases of the Litigation Support life cycle.  He must provide planning, analysis, collection, processing, and meet case production requirements to satisfy preservation and discovery orders for regulatory requests and litigation.  Under his direction, his team manages projects through all phases of the data discovery, investigation, and collection.  This is inclusive of documents, systems and services including but not limited to: data search and audits, messaging data reviews, workflow plans, workflow business requirements, data collection specifications, vendor coordination, collection system test plans, and case systems user experience plans. James has innovated 'leading practices' in discovery and collection techniques for MetLife.  

    Compliance, CRM integrations, Networking, Messaging, Information Lifecycle Management and enterprise information technology transformation. Mr. Dawson has a Bachelor of Science in Engineering from the University of Colorado and a Masters in Management of Technology from Polytechnic University. He has taught networking, technology and communication innovation as a university professor at New York Institute of Technology.

    Mr. Dawson is experienced in several areas of industry specific technology Compliance including requirements brought about by SEC 17a 3/4, NASD 3010/3110, HIPAA, DoD 5015.2, COOP 65, 21 CFR 11, GLBA, TREAD Act and Sarbanes Oxley. Mr. Dawson has significant financial services experience helping firms navigate the substantial changes needed in processes and systems to meet future Compliance for the banking industry. He has been responsible for multi-million dollar technology lifecycles in industries and verticals, from discovery to successful business implementations. He has completed several innovative hardware/software evaluations and integrations including security assessments. Mr. Dawson is excellent at describing the value proposition to C level decision makers, workflow managers and IT professionals.

    He has managed several profitable projects in the Financial Services industry, including such notable clients as Citibank, First Union, Lehman Brothers, Morgan Stanley, JPMorgan Chase, Deutsche Bank, Lloyds, and Merrill Lynch. His responsibilities also involved significant clients in the Travel industry (Virgin Airways, British Airways and Delta Airlines, Boston Coach), the Energy industry (Emera) and in the Retail industry (Coca Cola, Kenneth Cole).

    He has been responsible for technology design in collateralized loan obligation systems (CLOs), mortgage securities systems, equity research systems, Customer Relationship Management technologies (CRM), risk management systems, knowledge integrations and data visualizations. He is an expert in litigation preparedness, Compliance information systems, presence management, messaging compliance, email availability, wireless broadband subscriber gateways and real-time communications on enterprise networks.

    Mr. Dawson has managed more than 60 integration professionals at one time building robust legacy-sensitive enterprise solutions for budgets of $700,000 monthly. He has a record of accomplishment in successful customer relationships, delivering profitability through infrastructure improvements, content management solutions and wireless distribution channels.

    Mr. Dawson has been responsible for process improvement, internal and external client technology support, client presentations, new business development and change management. Mr. Dawson has designed computer processes for information sharing of $17 million in asset-backed transactions and used innovative Internet marketing strategy to underwrite and service $9 million in accounts receivable financing. He has been responsible for financial services visualization and user experience trading floor integrations to add significant efficiencies and functionality to complex trading, CDO, ABS and research systems. Clients include the New York Stock Exchange, SIAC, Morgan Stanley, JPMorgan Chase and others.
