Bio

Dr. Jason Gamage, PhD, CISSP, CIPP/E, CIPP/US, CIPM, CISA is a seasoned cybersecurity expert with over 32 years of experience in the field across various industry verticals. His experience includes working with companies such as Goldilock, Microsoft, Merrill Lynch, Delek US Holdings, Nintendo, Fashion Nova, TOMS Shoes, and AVG. His global experience includes working with various cultures in multiple locales including Silicon Valley, California, United Arab Emirates, Czech Republic, China, India, Korea, Australia, Canada, France, Cyprus, Japan, Brazil, Philippians, Germany, Poland, and England. He is a regular speaker and panelist on cybersecurity. Jason is a former member of the US Army Psychological Operations (PsyOps) unit and holds a PhD in Forensic Psychology. He is a strong leader with extensive experience developing Information Security/Cybersecurity programs that effectively deliver cost-efficient and secure solutions to support business and compliance requirements. His experience managing governance, risk, and compliance (GRC), as well as designing and testing controls, has been established with the successful implementation and maintenance of frameworks for ISO27000 series, NIST 800 series, Sarbanes-Oxley (SOX) 404, PCI-DSS 3.2, SOC2 type 2 & 3, data privacy, and ITGCs. He has successfully built multiple ISO 27001 complaint information security management systems and data protection and privacy frameworks from the ground up, developing effective information security and data governance programs explicitly tailored to company needs while enhancing the company’s risk posture. He has extensive knowledge and experience managing the implementation of data governance and privacy for UAE PDPL, ADGM ''The Regulations'', GDPR, EU Data Protection Directive (95/46/EC), HIPAA, HITRUST, HITECH, Privacy Shield, GLBA, France FDPA, Germany BDSG-new, UK DPA, CCPA, and the new CPRA requirements. He has experience as a Data Privacy Officer (DPO) and is currently appointed as the external DPO for three companies. This includes personally handling Data Subject Request (DSR) and providing a substantive response by taking the requested action or explaining why the DSR cannot be accommodated. He has extensive experience performing Data Privacy Impact Analysis reports as part of any project or release that involves employee and customer personally identifiable information (PII) in compliance with global data protection and privacy directives.