Joe Shepley

Joe’s professional experience includes:

• Records and Information Management Assessment: Led an engagement to assess the Records and Information Management (RIM) program for the CPO of a Fortune 500 petrochemical manufacturer and benchmark against peers as well as industry leaders in energy, specialty manufacturing, and heavy industry, including a 24-month roadmap of initiatives required to raise their maturity, cost estimates for the roadmap initiatives, and a leadership presentation to executive stakeholders.
• Records and Information Management Modernization: Oversaw the development of the RIM function for a for a top five global automaker. Assessed current RIM capabilities through interviews with more than 20 functions and the collection, analysis, and standardization of over 350 departmental records retention schedules. Partnered with the global privacy office to cross-reference the records retention schedule with categories of personal and sensitive personal information to support privacy reporting requirements in the U.S. and EU.
• Data Minimization: Managed a series of engagements to assist a global telecommunications conglomerate with its data minimization efforts in support of complying with CPRA. Working with information governance, records management, privacy, legal, IT, and data governance, defined the retention period process to enable technical system owners for approximately 10,000 systems to determine retention requirements for their systems. Acted as program team member to support client resources in assisting TSOs to define retention.
• Business Case: Oversaw the development of a business case for data minimization for a top five U.S. hospital group. Quantified cost savings associated with divested facilities, upcoming data center move, and risk mitigation for e-discovery and HIPAA compliance. Identifed annual savings of over $10 million and gained approval for the hospital group’s enterprise data minimization program.
• Information Governance Assessment and Benchmark: Led an engagement to assess the Information Governance (IG) program for the CISO of a top 25 life sciences organization and benchmark against peers as well as industry leaders in financial services, insurance, and energy, including a 24-month roadmap of initiatives required to raise their maturity, cost estimates for the roadmap initiatives, and a leadership presentation to CIO, CISO, and chief compliance officer.
• Information Governance Program Design: Oversaw the design of an IG program for the CIO of a Fortune 500 exploration and production organization, including a 24-month roadmap of initiatives required to implement the program and change management approach and collateral.
• Data Governance Strategy: Led the development of a data governance strategy for the CISO and CIO of a large, single-state Blue Cross Blue Shield organization to help them address the risk posed by unmanaged PHI, including a 24-month roadmap of initiatives required to execute the strategy, a cost benefit analysis for the roadmap initiatives, and a board presentation.
• Policy and Procedure Remediation: Oversaw the remediation of policies and procedures related to information governance for the general counsel of a pharmacy benefits manager, including the rewriting of deficient policies, authoring of new policies, and recommendations for how to evolve operational procedures across the organization to comply with the remediated policies.
• HIPAA Assessment: Led the assessment of HIPAA compliance program for the CIO and CISO of a Fortune 1000 healthcare provider, including a compliance crosswalk that identified gaps and overlaps in controls for HIPAA and other obligations (NIST, HITECH, etc.) and a roadmap of initiatives to close Severity 1 gaps in three quarters.
• Electronic Records Management Implementation: Oversaw the migration and classification of corporate records for back-office functions from file shares and legacy SharePoint to records-management enabled OpenText for the general counsel of a Fortune 1000 mining organization. Included a defensible disposition playbook to enable client to continue the implementation for front office functions.
• Data Cleanup and Migration: Led the cleanup and migration of file share data to Office365 for the CIO of a Fortune 500 electric and gas utility, including design of the target state SharePoint and Teams environment, deletion of stale and junk data, automated tagging of content during migration, and change management design and execution.
• Information Architecture: Oversaw the development of an Information Architecture for eight departments for the CIO of a single-state Blue Cross Blue Shield organization to support data lifecycle management as well as improved findability and usability. Also developed train the trainer playbook and change management collateral to allow client to complete the information architecture for remaining departments.