Luana O.

Cybersecurity & Privacy Leader | AI Governance & Risk

Orlando, Florida, United States

About

Cybersecurity, Privacy & Technology Risk leader with 20+ years of experience building, scaling, and hands-on implementing enterprise security, privacy, and governance programs across global organizations. Proven track record of growing data protection and privacy practice from inception to scale ($28M revenue, from inception to 45-person team at EY), leading transformation initiatives, and advising C-suite stakeholders on cybersecurity, regulatory compliance, digital trust, and technology risk. Deep experience in cybersecurity governance, risk, and implementation across NIST CSF, ISO/IEC 27001, PCI DSS, combined with strong expertise in privacy and data protection frameworks, including LGPD, GDPR, CCPA4, and ISO 27701. Knowledge of AI Governance and emerging responsible AI frameworks, including ISO 42001 and NIST AI RMF, focused on AI risk, governance, and digital trust as AI Lead Implementer certificated.

Experience

  • Chief Trust Officer (Security, Privacy & AI) at The Podium AI
    May 2026 - Present · 3 mos

    ● AI Governance — Define and operationalize the company's Responsible AI governance framework, including policies, governance structures, roles and responsibilities, and oversight of AI-powered capabilities and autonomous agents throughout the AI lifecycle. ● AI Risk Governance — Lead the enterprise AI risk management program by establishing risk assessment methodologies, governance guardrails, model risk management practices, accountability frameworks, and regulatory readiness aligned with emerging standards such as the EU AI Act, NIST AI RMF, and ISO/IEC 42001. ● Privacy & Data Governance — Design and oversee privacy-by-design and enterprise data governance programs, ensuring the platform's data ecosystem supports responsible AI while maintaining compliance with GDPR, LGPD, CCPA, and other applicable privacy regulations. ● Cybersecurity & DevSecOps — Define the organization's cybersecurity strategy and DevSecOps operating model, embedding security throughout the software development lifecycle through secure-by-design principles, CI/CD security automation, cloud security, identity and access management, and governance for AI-enabled systems.

  • Independent Researcher — AI Governance, Cybersecurity & Privacy at Self-Employed
    Mar 2025 - Present · 1 yr 5 mos

    Dedicated period of independent research, authorship, and executive education — building on 20+ years leading cybersecurity, privacy, and data protection programs across global organizations. ● Co-author of Responsible Artificial Intelligence, contributing a chapter on how AI both challenges and strengthens digital trust in cybersecurity, data protection, and privacy. ● Completed executive programs at MIT (Applied Agentic AI), Stanford (AI Security), and Cambridge (Ethical AI); earned and advancing AI governance credentials including IAPP AIGP, ISO 42001 Lead Implementer, ISO 23894, and ISO 38507. ● Researching the intersection of AI risk management, secure-AI adoption, and privacy engineering — translating NIST AI RMF, ISO 42001, and the EU AI Act into practical implementation patterns for enterprise environments.

  • Director Cybersecurity | Data Protection & Privacy at PwC
    Mar 2023 - Mar 2025 · 2 yrs 1 mo

    ● Led cybersecurity and privacy programs for enterprise clients across multiple industries. ● Oversaw delivery of multiple multimillion-dollar cybersecurity and privacy projects, driving enterprise-scale risk and compliance outcomes. ● Advised C-level stakeholders on cyber risk, regulatory compliance, and digital trust transformation initiatives. ● Led delivery of complex cybersecurity and privacy programs across multiple concurrent engagements. ● Contributed to business development and strategic growth of cybersecurity and privacy services.

  • Senior Manager Cybersecurity | Data Protection and Privacy at EY
    Mar 2019 - Feb 2023 · 4 yrs

    ● Led the Privacy and Data Protection practice in Brazil, including strategy, operations, and go-to-market initiatives and scaled the Privacy and Data Protection practice from inception to a 45-person high-performing team, achieving the main revenue of the area between 2019 and 2022. ● Built and scaled privacy frameworks aligned with GDPR, LGPD, CCPA, ISO 27701, and related regulatory requirements. ● Managed multidisciplinary teams delivering privacy and cybersecurity programs for multinational clients across multiple industries. ● Established strategic partnerships with privacy technology vendors and led the implementation of privacy management platforms and strengthened the implementation of privacy and data protection programs through industry-leading partners such as BigID, OneTrust, Microsoft, and IBM. ● Drove revenue growth and pipeline expansion for cybersecurity and privacy advisory services. ● Actively contributed to talent development, mentoring, and performance coaching initiatives, supporting the growth of high-performing professionals and future leaders. ● Supported and participated in initiatives related to Women in Technology, diversity, and inclusion within the cybersecurity and technology community. ● Served as a coach and mentor in initiatives supporting Paralympic athletes, contributing to professional and personal development programs.

  • Cybersecurity Manager | Data Protection and Privacy at Accenture
    Oct 2018 - Feb 2019 · 5 mos

    ● Supported the structuring of Privacy Office operations and regulatory compliance project within a top-tier global financial institution (Itaú Unibanco - ~$50B revenue, impacting ~100K employees).