Joseph Emerson

Managing Director

Joseph has a diverse range of Privacy expertise, bringing leadership and guidance to various high-priority regulatory compliance initiatives. This has included serving as an independent assessor pursuant to a Federal Trade Commission Consent Order, managing GDPR and CCPA readiness and compliance assessments and projects, and collaborating to develop, implement and ensure the ongoing success of solutions within organisational privacy programs (including a focus on third-party risk management, privacy impact assessments, and incident response programs).

Throughout his career, Joseph has also developed a comprehensive knowledge of compliance programs and helping organisations meet their compliance goals based on FDIC, Federal Reserve, HIPAA, SOC2, ISO27 series, GLBA, U.S. – E.U. Privacy Shield, NIST 800-53, and other compliance-related standards.

Prior to joining Protiviti, Joseph worked as a Director at a boutique consulting firm and as a Principal at Promontory Financial Group, an IBM company, overseeing and addressing challenges related to privacy, security, risk, and compliance management and the FBI. Joseph holds certifications with CIPP/US CISM, CDPSE, and CCSFP with the IAPP, ISACA, and HITRUST, respectively.

Major Projects

  • Spearheaded an assessment for the Federal Trade Commission (FTC) as an independent assessor for an ad-tech platform, successfully auditing the organisation's comprehensive privacy program, performing detailed code and control review related to geolocation opt-in compliance and the Children's Online Privacy Protection Act (COPPA).
  • Acted in the capacity of HIPAA Compliance Office for one of the largest metropolitan statistical areas in the U.S., ensuring alignment and compliance with global, federal, and state regulations.
  • Designated Privacy Officer for an international security client, providing oversight in all matters related to breach response, incident identification and management, vendor management, and overall data privacy compliance.
  • Designed internal audit programs and led internal audit responsibilities while providing guidance and directing companies through initial SOC2 and ISO 27001 and 27701 certifications.

Areas of Expertise

  • Privacy Strategy
  • IT / Privacy Risk Management
  • HIPAA, GDPR, CCPA, and ISO assessment, remediation, program development
  • Regulatory experience with FTC and OCR

Industry Expertise

  • Technology
  • Ad-Tech
  • Healthcare
  • Financial Services
  • Food and Beverage


  • MA – University of Denver, Josef Korbel School of International Studies
  • BS – University of Central Florida

Professional Memberships and Certifications

  • Certified Information Security Manager (CISM)
  • Certified Information Privacy Professional (CIPP/US)
  • OneTrust Certified Pro
  • Certified Data Privacy Security Engineer (CDPSE)
  • Certified CSF Practitioner (CCSFP)