Norman Levine
@normanlevine
Cyber risk and privacy executive delivering TPRM, GRC automation, and privacy-by-design results.
What I'm looking for
I am a cyber risk and privacy executive with over 20 years leading enterprise TPRM, GRC automation, and privacy-by-design programs for Fortune 500 companies and professional services clients. I serve as a trusted advisor to executives, boards, and investors and have delivered measurable outcomes such as shorter vendor assessment cycles and improved remediation closure.
As Founder and Principal Consultant at Cyber Risk Partners, I act as a fractional CRO and vCISO, modernizing third-party risk management, automating GRC workflows in RSA Archer and ServiceNow, and strengthening cyber insurance readiness. Previously I led enterprise TPRM and privacy initiatives at Omnicom, Cigna, Stanley Black & Decker, HBO, and KPMG, managing multi-billion-dollar vendor portfolios and global programs.
I hold practical experience across audit readiness (SOC 2, ISO 27001, NIST), regulatory compliance (HIPAA, GDPR, CCPA/CPRA, DORA), and AI governance development. I am open to remote contract and consulting engagements and focus on driving measurable risk reduction, improved audit posture, and cross-functional alignment among Legal, Procurement, and Compliance.
Experience
Work history, roles, and key accomplishments
Founder & Principal Consultant
Cyber Risk Partners LLC
Jan 2024 - Present (2 years)
Serve as fractional CRO and vCISO for mid-market and PE-backed organizations, modernizing TPRM and privacy programs and automating GRC workflows to improve evidence traceability and audit readiness.
Senior Manager, Cyber Risk Management
Omnicom Group
Jan 2022 - Jan 2024 (2 years)
Led enterprise TPRM and privacy initiatives across operating agencies, standardizing third-party risk processes and delivering program metrics and reports to enterprise risk committees.
Senior Lead, TPRM & Privacy
Cigna Healthcare
Jan 2019 - Jan 2022 (3 years)
Managed a $10B vendor portfolio supporting HIPAA-regulated operations, centralized risk registers in Archer and expanded SIG due diligence to raise attestation completion to 98%.
Managed due diligence for a $14B portfolio and continuous monitoring of 900+ vendors, initiated GDPR readiness and automated vendor tiering to reduce manual effort ~25%.
Manager, IT Compliance & Audit
Home Box Office
Jan 2006 - Jan 2013 (7 years)
Managed SOX, PCI, and privacy compliance programs, enhanced disaster recovery and business continuity testing, and coordinated IT audit and remediation activities.
Led IT separation and privacy controls during a major divestiture and conducted enterprise IT and privacy audits for financial services and healthcare clients under SOX and HIPAA.
Education
Degrees, certifications, and relevant coursework
Bachelor of Science, Business Administration
B.S. in Business Administration (institution and dates not provided).
Website
cyberriskpartnersllc.com
