Lucia V.

● Cross-border privacy & compliance: DSARs, DPIAs, data mapping, GDPR/CCPA/LGPD/PIPL & regulator engagement.

● GRC & Cybersecurity: NIS2, DORA, ISO 27001 & COBIT; risk registers & incident-response planning.

● AI Ethics & Tech Policy: EU AI Act and Digital Markets Act regulatory alignment, governance impact assessments, data-access transparency analysis, and policy advisory for digital platform ecosystems.

● Built and monitored cyber risk frameworks aligned with ISO 27001, NIST CSF, and CMMC.

● Defined KPIs, dashboards, and maturity models for global IT/OT systems.

● Led compliance audits, remediation plans, and internal control automation.

● Coordinated third-party risk initiatives and executive-level reporting.

● Managed privacy compliance in 20+ countries, including DPIAs, TIAs, and vendor assessments.

● Reviewed SCCs, data processing agreements, and global consent management.

● Delivered internal privacy training and incident response documentation.

● Embedded privacy-by-design with product, IT, and legal teams.

● Advised digital product teams on Privacy-by-Design in customer-facing platforms, supporting DPIAs and controller/processor role allocation.