Yvette Gabrielian is a Senior Director in the Cyber Risk practice of Kroll, based in the Los Angeles office. In her current role, Yvette specializes in advisory services related to all aspects of data privacy, information security and breach notification under U.S. and EU laws and regulations. She is additionally involved in providing interim CISO, DPO and virtual Privacy Program Manager services.
Over her career, Yvette has helped organizations comply with diverse regulatory regimes and evolving mandates relating to anti-money laundering, know your customer, consumer financial privacy and security, and data breach detection and notification. She has more than 14 years of corporate governance and regulatory compliance experience creating and running corporate compliance departments for many financial services companies. Yvette has also guided organizations successfully through federal regulatory examinations and state investigations.
Yvette is particularly well versed in a number of relevant laws and regulations, both domestic and international, including the USA Patriot Act, Bank Secrecy Act, CFPB, COPPA, Dodd-Frank Act, FCRA, FDCPA, GDPR, GLBA, HIPAA, NYDFS, PCI DSS, SEC-OCIE Cybersecurity Guidance and TCPA. She translates this knowledge and experience into pragmatic guidance for clients, helping them with strategic efforts such as developing and implementing policies, procedures and processes; training programs; consumer complaint and dispute portals; consumer credit reporting; internal audits; identity theft prevention/remediation management; and third-party vendor management.
Prior to joining Kroll, Yvette was the Chief Compliance Officer for Automated Collection Services, Inc., where she established and led the compliance and training departments. Earlier in her career, Yvette oversaw the development and implementation of several companies’ overall data security and risk management programs in the banking and financial services industries. Her accomplishments include developing and executing plans to comply with consumer financial privacy and data security regulations; acting as liaison between the company and regulators and law enforcement; and complying with breach detection and notification requirements under HIPAA and state laws. These efforts reduced the risk of compromise to consumers’ private information as well as regulatory and reputational risk to the company.