485 Lexington Avenue, 10th Floor
New York, NY 10017
Megan McMahon is a Senior Director at Ankura, based in New York. She is an experienced attorney and consultant focused on end-to-end data protection solutions and strategies including privacy and cybersecurity consulting, managed detection and response (MDR), and incident response.
In her role, Megan works to bridge the gap between various cross-functional business stakeholders to define, analyze, design, and implement comprehensive data protection solutions with minimal disruption to the business. Within MDR, Megan regularly works with clients to optimize and orchestrate their existing security stack, supplementing with advanced technology to streamline the detection and response process. Megan has experience managing large-scale third party risk management engagements helping clients identify and rank the risk associated with vendors with access to sensitive information. She also has experience managing GDPR, CCPA, and general compliance engagements for a variety of large, multinational clients, focusing on the interplay between stakeholders in legal, compliance, IT, and security.
Megan’s professional experience includes the following:
- CCPA readiness: Designed and implemented a CCPA compliant privacy program from scratch for a multi-billion-dollar hospitality chain in less than four months. Efforts included data mapping, designing and implementing DSAR portals, cookie compliance, and employee trainings.
- Third party risk management (TPRM): Led team engaged to build out a third party risk program for a major U.S. insurance company. Designed and developed workflows including assessment templates, distribution, analysis, and remediation on a leading TPRM platform.
- GDPR readiness: Assisted a large international technology firm in building out a GDPR compliant program. Tasks included data and business process mapping, negotiating data protection agreements, security controls review, managing DSARs, data breach notification to regulators, and the implementation of a privacy program management platform.
- JD, Fordham University School of Law
- BA, Penn State University
- Certified Information Privacy Professional/Europe (CIPP/E)
- Certified Information Privacy Manager (CIPM)
- New York and New Jersey bar (inactive)
- International Association of Privacy Professionals
- Women in Security and Privacy (WISP)