Joseph Emerson

Managing Director

Joe Emerson is a Managing Director, leader in Protiviti’s Data Protection and Privacy practice, and privacy subject-matter expert with comprehensive knowledge of privacy and compliance requirements to strategize, develop, and deliver complex privacy and compliance solutions for some of the world’s largest and most innovative companies. This has included serving, on numerous occasions, as an independent assessor pursuant to FTC Consent Orders, acting as a HIPAA Compliance Officer and Privacy Officer for major corporations and government agencies, managing privacy regulation readiness and compliance assessments, and collaborating to develop, implement, and ensure the ongoing success of solutions within organizational privacy programs.

Throughout his career, Joseph has also developed a comprehensive knowledge of compliance programs and helping organizations meet their compliance goals based on FDIC, Federal Reserve, HIPAA, SOC2, ISO27 series, GLBA, U.S. – E.U. Privacy Shield, NIST 800-53, and other compliance-related standards.

Prior to joining Protiviti, Joseph worked as a Director at a boutique consulting firm and as a Principal at Promontory Financial Group, an IBM company, overseeing and addressing challenges related to privacy, security, risk, and compliance management and the FBI. Joseph holds certifications with CIPP/US CISM, CDPSE, and CCSFP with the IAPP, ISACA, and HITRUST, respectively.

Major Projects

  • Spearheaded an assessment for the Federal Trade Commission (FTC) as an independent assessor for an ad-tech platform, successfully auditing the organization's comprehensive privacy program, performing detailed code and control review related to geolocation opt-in compliance and the Children's Online Privacy Protection Act (COPPA).
  • Acted in the capacity of HIPAA Compliance Office for one of the largest metropolitan statistical areas in the U.S., ensuring alignment and compliance with global, federal, and state regulations.
  • Designated Privacy Officer for an international security client, providing oversight in all matters related to breach response, incident identification and management, vendor management, and overall data privacy compliance.
  • Designed internal audit programs and led internal audit responsibilities while providing guidance and directing companies through initial SOC2 and ISO 27001 and 27701 certifications.

Areas of Expertise

  • Privacy Strategy
  • IT / Privacy Risk Management
  • HIPAA, GDPR, CCPA, and ISO assessment, remediation, program development
  • Regulatory experience with FTC and OCR

Industry Expertise

  • Technology
  • Ad-Tech
  • Healthcare
  • Financial Services
  • Food and Beverage


  • MA – University of Denver, Josef Korbel School of International Studies
  • BS – University of Central Florida

Professional Memberships and Certifications

  • Certified Information Security Manager (CISM)
  • Certified Information Privacy Professional (CIPP/US)
  • OneTrust Certified Pro
  • Certified Data Privacy Security Engineer (CDPSE)
  • Certified CSF Practitioner (CCSFP)