Alyssa Morell

Experience

• 

  The Ohio State University

  Oct 2011 - May 2015

  • Designed, built and maintained programs and databases (primarily using VBA and SQL in MS Excel and MS Access) for Ohio State University Office of Student Life operations, including Fiscal Support Services and the Ohio Union. • Created automated solutions to business process bottlenecks, saving time and resources. • Collaborated with the Ohio Union to develop an automated invoice billing program that functions on top of the Event Management System software, reducing process time from approximately 8 hours to 2-4 hours monthly. • Reconstructed Internal Controls’ Cash Reconciliation System in Excel, improving the process to over 90% automation and aiding in the department’s recovery of approximately 4 months of deferred work. • Automated the generation of purchase order reports from PeopleSoft Enterprise Financials. Show less

  • Student Programming Specialist - Student Life Fiscal Support Services, Internal Controls

    Jan 2015 - May 2015

  • Student Supervisor - Student Life Fiscal Support Services

    Jun 2013 - May 2015

  • Student Assistant - Student Life Fiscal Support Services, Internal Controls

    Jun 2012 - May 2014

  • Student Assistant - Student Life Fiscal Support Services, Accounting

    Jan 2012 - Aug 2012

  • Student Assistant - Student Life Fiscal Support Services, Records Management and Procurement

    Oct 2011 - Jan 2012
• 

  PwC

  Jun 2013 - Aug 2013

  Risk Assurance Intern

  • Performed year-end controls testing and wrote documentation for audit clients. • Created IT general controls testing templates and instructions for use by the offshore service delivery center to perform testing for audit clients. • Participated in face-to-face and over-the-phone meetings with clients, including business process walkthroughs and controls testing follow-ups.

• 

  PwC

  Jun 2014 - Dec 2014

  Risk Assurance Intern

  • Performed year-end controls testing and wrote documentation for audit clients. • Created IT general controls testing templates and instructions for use by the offshore service delivery center to perform testing for audit clients. • Participated in face-to-face and over-the-phone meetings with clients, including business process walkthroughs and controls testing follow-ups.

• 

  PwC

  Jul 2015 - Apr 2022

  • Develop and test against client-customized privacy controls frameworks, incorporating requirements from U.S. and global privacy regulations such as the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the EU General Data Protection Regulation (GDPR).• Conduct privacy program gap assessments through client business/system owner interviews and document review (e.g., privacy policies, information security policies) to develop a remediation roadmap to increase privacy program maturity and help advance business objectives in a compliant manner.• Design and facilitate data inventory and data mapping initiatives for clients.• Lead interviews and meetings to facilitate completion of data protection impact assessments (DPIAs), privacy impact assessments (PIAs), and legitimate interest assessments (LIAs).• Develop privacy policies, notices, standard operating procedures (SOPs), metrics, and test steps (e.g., external and internal privacy notices, privacy data breach response procedures, acceptable use policies), incorporating requirements from privacy regulations such as GDPR, CCPA, and the Gramm-Leach-Bliley Act (GLBA).• Assist in the development of the audit plan and execution of a GDPR internal audit.• Lead project status meetings with internal and client stakeholders in the business, technology and legal teams, including Data Protection Officers, Chief Information Officers, and Project Managers.• Create and maintain project budget.• Manage the day-to-day responsibilities and provide coaching and feedback to junior team members. Show less • Promoted 6 months early to Senior Associate.• Designed test plans and led testing of entity-level, business process, and information technology general controls for compliance with Section 404 of the Sarbanes-Oxley Act of 2002.• Executed surprise examinations for compliance with Rule 206(4)-2 under the Investment Advisers Act of 1940.• Lead audit status meetings with the client Internal Audit team.• Managed the day-to-day responsibilities and provided coaching and feedback to junior team members. Show less

  • Information Governance & Privacy Manager

    Jul 2020 - Apr 2022

  • Cybersecurity & Privacy Senior Associate

    Apr 2018 - Jul 2020

  • Risk Assurance Senior Associate

    Jan 2018 - Mar 2018

  • Risk Assurance Associate

    Jul 2015 - Dec 2017
• 

  Google

  Apr 2022 - now

  Privacy Engineer