Scott Margolis is a Managing Director in EY’s Cybersecurity group and co-leader of America’s Data Privacy & Protection practice. He focuses on global financial services privacy and cybersecurity, integrating his significant experience with global privacy law, regulatory compliance, information security and risk management. His recent engagements have focused on leading clients to compliance with the California Consumer Privacy Act (CCPA) as well as the General Data Protection Regulation (GDPR) and support for clients pursuing EU Binding Corporate Rules (BCRs), improve postures in cybersecurity strategy, US privacy compliance, third party risk management (TPRM), information security program management, Data Loss Prevention (DLP), and identity and access management (IAM).
Mr. Margolis has been supporting clients in consulting roles for over 20 years. Prior to joining EY, he held the role of Strategy and Planning Executive for Bank of America’s Enterprise Privacy Technology where he was responsible for design and implementation of the compliance program supporting the globalization of the bank across 60 jurisdictions around the world, as well as the regulatory compliance processes and technology supporting the firm globally. He has been awarded 2 US Patents for his ground-breaking work in this challenging area of law and compliance.
He earned his Project Management Professional (PMP) designation in 2002, is a Certified Information Privacy Professional (CIPP/US) in US law, as well as a CIPT in privacy technology, and has earned a credential in design for six sigma (DFSS) processes. He has presented at system development conferences worldwide and has multiple copyrights to his credit for processes and supporting system development and applications that he has led from ideation through program management to successful delivery. Immediately prior to his role in the BAC compliance organization, he was SVP of Enterprise Technology Strategy for the infrastructure team at Bank of America, leading the implementation of workflow automation for the firm.