Protiviti Contact

Protiviti Contact

Katie Stevens


Professional Experience

Katie is a Director in our Technology Consulting practice with a specific focus in Security, Privacy, and Identity and Access Management (IAM). Katie has over 15 years of Security & Privacy experience and 19 years of overall technology experience. Prior to joining Protiviti, Katie assumed a lead Technology Risk & Compliance role at a global banking firm with main focus in Security & Risk Management, Identity & Access Management, Business Continuity, and Data Protection. After joining Protiviti in 2011, Katie has provided Security & Privacy services for clients in a variety of industries, including financial services, healthcare services, retail, consumer products, and legal services.

Major Projects

  • Prior to joining Protiviti in 2011, Katie led a variety of Information Security and Privacy engagements at a large financial institution. Her experience ranges from conducting security and data protection assessments to implementing complex information security and data protection solutions such as Multi-Factor Authentication, Role Based Security, and Privileged Identity tools. Katie brings extensive experience in safeguarding IT systems and data protection with focus in IAM. She advised technology projects to guide IT teams toward best security and data protection practices and to help ensure compliance with various regulatory and data privacy requirements.
  • Since 2016, Katie has been focusing solely on helping our clients operationalize the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) requirements with main focus in data discovery and inventory, compliance readiness assessments, implementation of GDPR and CCPA compliance strategies as well as implementation of technology solutions to address data subject rights and data management requirements.
  • Assisted several e-Discovery clients with the development and implementation of an enterprise-wide Information Lifecycle Management program, including data discovery, classification, and implementation of data protection and security controls.
  • Implemented Data Subject Rights portals and supporting processes at several large clients in the following industries: financial services, legal services, hospitality services and internet service providers.
  • Privileged Access Management (PAM) program and capabilities assessments and implementation of privileged access management processes and technologies to address the risk of data breaches.
  • Defined and implemented a Role Governance Framework, including workflows for the role lifecycle (definition and approval, maintenance, recertification, retirement) and user access lifecycle (birthright, ad hoc, time-based provisioning, de-provisioning, recertification) to establish controls for data protection.


  • InfoSec & Compliance 
  • Data Governance & Privacy
  • Identity and Access Management
  • Role Based Access Control
  • Application & Data Security


  • Financial Services
  • Consumer Product
  • Legal Services
  • Healthcare Services
  • Retail
  • Hospitality Services


  • MBA, Business Administration, Rockhurst University, Kansas City
  • Associate, Project Management, George Washington University
  • BS, Management Information Systems, Iowa State University