Jeffrey Winn, J.D., PMP, CISSP, CIPP/E, CIPP/US, CIPP/G
Details
2023 : Present
UnitedHealth Group
Senior Privacy & Cybersecurity Counsel
2023 : 2023
Optum
Senior Associate General Counsel
The Data Protection Officer (DPO) and Senior Privacy Counsel works directly with the Chief Privacy Officer as part of Change Healthcare’s Enterprise Privacy Office to lead regulatory and compliance activities for the organization. Efforts include developing policies, processes, and programs to address the privacy of, and appropriate access to, protected health information, personal information, and other sensitive data to ensure compliance with US federal and state laws, EU and UK GDPR, PIPEDA and relevant international privacy protection laws and regulations. Other responsibilities include providing regulatory, transactional, and legal support to Change Healthcare’s business units and senior executives in the United States, Canada, the United Kingdom, and the European Union.
2020 : 2023
Change Healthcare
Data Protection Officer & Senior Privacy Counsel
Oversaw engagement planning, budgeting, organizing, executing work plans, managing daily aspects of client engagements, scheduling and conducting client interviews, and documenting, coordinating, leading program delivery teams and presenting client deliverables
Selected Accomplishments :
-Sold and delivered a multi-year, multimillion-dollar PCI remediation program for a large, quasi-federal agency, total value : $25M/5 Years.
-Achieved $19M in FY20 sales for Deloitte Cyber Risk Services driving considerable year-over-year growth
- Grew a Sarbanes Oxley (SOX) remediation into a $3M book of business that is set to endure and to grow into new directions
2007 : 2020
Deloitte Advisory
Managing Director
2007 : 2013
Deloitte & Touche LLP
Senior Manager
About
I am a senior privacy and cyber-security executive with experience providing cyber risk, data protection and privacy services to large, multifaceted organizations. I built industry-leading programs including EU/UK GDPR compliance programs for healthcare, cloud cyber risk strategy and implementation, Chief Information Security Officer (CISO) transformation programs, Payment Card Industry Data Security Standard (PCI-DSS) remediation, security program management, project management, information risk assessments, security strategy, data privacy, data protection, network security, enterprise risk management, incident response, and regulatory compliance initiatives.
I have strong business development experience related to international privacy program development (EU/UK GDPR) (CIPP-E), Cloud Cyber Security, Cyber Risk solution development (CISSP), US Privacy Law (JD, CISSP-US), Enterprise Risk Management, Vulnerability Management, and Computer Forensics.
CORE COMPETENCIES: Data Privacy, Cyber Standards & Regulations (NIST, HIPPA, ISO Standards), Project Management Professional (PMP), Network Security, Information Security Management, Security Information and Event Management (SIEM), Information Security, Cybersecurity Incident Response, Identity & Access Management (IAM), Cloud Cyber Risk Strategy and Implementation, CISO Transformation Programs, Enterprise Risk Management, Information Technology Security Operations, Technical Program Leadership.
Profile Photo
