Rik Cudmore

Senior privacy and compliance executive with 15+ years of leadership in data protection, governance, ethics, and business integrity and compliance oversight. Proven record in architecting enterprise-wide privacy and compliance governance frameworks and standing up governance committees. Skilled at providing privacy and data protection consultation services across cross-functional stakeholders — Legal, Digital, Clinical Operations, Internal Audit, Medical Affairs, Project Management, and Advisory teams — to execute risk assessment and mitigation strategies that deliver audit-ready programs targeting zero findings.

Known for translating complex regulatory requirements into actionable governance structures that protect organizational integrity and accelerate business objectives.

Director, Privacy & Compliance / HIPAA Privacy Officer/DPO (global) at Clinical Trial Media, Inc. (2022-01 – Present)

A global, data-driven patient recruitment and retention firm serving pharmaceutical sponsors and CROs across 3,000+ clinical studies since 1995, with operations worldwide. Architected the company's first enterprise-wide global compliance governance framework spanning privacy, data protection, quality management, and corporate compliance — establishing the governance infrastructure from the ground up during a period of rapid global expansion, including Privacy by Design/Default into clinical research, digital marketing, commercial website tracking/cookies, and proprietary software strategy. Founded and chaired the Information Security Oversight Committee; co-chaired Data Management, Risk Management, and AI Governance subcommittees — providing senior leadership with comprehensive compliance program reporting and strategic risk visibility.

Directed compliance due diligence and oversight for all pharmaceutical sponsor partnerships, strategic alliances, and business initiatives — navigating multi-stakeholder GCP, privacy, and security audits, leading to zero findings. Designed and implemented compliance program effectiveness measures, including audit methodologies aligned to HIPAA Privacy & Security Rules, HITECH, GCP, GDPR, LGPD, AUSNZ PP, APAC, SOC2, ISO27001, and NIST CSF — delivering actionable risk intelligence to Compliance Committees and senior leadership. Advanced enterprise-wide risk mitigation plans and corrective action strategies in collaboration with cross-functional partners, including Legal, Digital Marketing, Privacy, and Internal Audit.

Managed compliance vendor qualification and due diligence processes supporting sponsor partnerships and strategic alliance RFIs. Negotiated all Data Processing Agreements and Business Associate Agreements, ensuring global regulatory alignment across strategic partnerships and alliance relationships. Drove continuous improvement of compliance programs based on evolving industry trends, regulatory changes, and digital transformation requirements.

• Reduced DSAR response times to a 7-day average, exceeding regulatory benchmarks and strengthening sponsor confidence.
• Decreased privacy compliance incidents by 75% through proactive risk mitigation and governance framework enhancements.
• Reduced international market onboarding from weeks to 3 days for cursory regulatory requirement assessments and 7–14 days for development of a comprehensive strategic compliance and privacy plan for country entry, accelerating global expansion timelines.
• Elevated the organization's global competitive position by leveraging compliance excellence as a strategic differentiator in sponsor and partner engagements.

HIPAA Privacy Officer / Data Protection Officer (Global DPO) at Elligo Health Research, Inc. (2021-01 – 2022-01)

An integrated clinical research organization embedding trials directly into routine healthcare, connecting sponsors and CROs with a nationwide network of 400+ research-ready sites. Modernized and expanded the enterprise's global compliance and privacy governance program during a period of rapid organizational growth and strategic transformation. Embedded compliance strategies into business objectives by partnering with senior leadership across Marketing, Medical Affairs, Legal, PMO, and Digital teams.

Led compliance risk assessments (DPIAs) for all new strategic initiatives and maintained comprehensive compliance records supporting regulatory and partner audit readiness. Built and launched a comprehensive Third-Party Risk Management (TPRM) program, conducting compliance assessments across all vendors, strategic partners, and service providers. Conducted compliance investigations and provided governance advisory on IRB/Ethics Committee matters.

• Reduced DSAR response times to a 7-day average, exceeding regulatory benchmarks and strengthening sponsor confidence; automated RoPA in proprietary system, and improved completion times for all Data Protection Impact Assessments (DPIAs) through automation in proprietary software.
• Decreased privacy compliance incidents by 75% through proactive risk mitigation and governance framework enhancements.
• Reduced international market onboarding from weeks to 3 days for cursory regulatory requirement assessments and 7–14 days for development of a comprehensive strategic privacy plan for country entry, accelerating global expansion timelines.
• Elevated the organization's global competitive position by leveraging compliance excellence as a strategic differentiator in sponsor and partner engagements.

Director of Compliance & Privacy at ClinEdge, LLC (2020-01 – 2021-01)

A high-growth clinical research site network partnering with pharmaceutical companies and CROs to streamline trial management across 270+ sites and 2,500+ awarded studies. Built and scaled the compliance and privacy governance program for a high-growth clinical research organization. Led compliance due diligence, internal investigations, CAPAs, and vendor audits (virtual and onsite) supporting strategic partner and sponsor relationships.

Delivered all compliance, privacy, and quality components of RFIs for sponsors and strategic partners.

• Reduced DSAR response times to a 7-day average, exceeding regulatory benchmarks and strengthening sponsor confidence.
• Decreased privacy compliance incidents by 75% through proactive risk mitigation and governance framework enhancements.
• Elevated the organization's global competitive position by leveraging compliance excellence as a strategic differentiator in sponsor and partner engagements.

Massachusetts Compliance Manager at Cresco Labs / Hope Heal Health (2019-01 – 2019-12)

One of the largest publicly traded, vertically integrated multistate cannabis operators in the U.S., with retail and cultivation operations across multiple states.

Hope Heal

Health was its Massachusetts medical cannabis dispensary subsidiary. Designed and implemented the organization's first compliance and privacy governance program in a highly regulated emerging industry. Chaired the Compliance Champions Committee, establishing governance reporting structures and strong regulatory relationships. Led enterprise risk programs, compliance training, and operational readiness initiatives.

• Successful attainment of Adult Use License with no more than 2 minor recommendations.

System Compliance & Privacy Program Operations Manager at Steward Health Care System (2015-01 – 2016-01)

At its peak, the largest private for-profit hospital system in the United States, operating 33+ hospitals, 25+ urgent care centers, and employing over 30,000 healthcare professionals nationwide. Managed system-wide compliance governance operations across risk assessment, policy, education, auditing, hotline management, Sunshine Act, and COI oversight. Led CMS-aligned compliance and FWA training for first-tier, downstream, and related entities — directly relevant to healthcare compliance program governance.

Transitioned the Conflict-of-Interest program in-house, generating measurable cost savings and improved governance visibility.

• Transitioned Conflict of Interest monitoring program in-house, saving the organization annual platform fees.
• Created and delivered the Initial Compliance Onboarding Program to all new hospital staff.
• Produced Initial Compliance Onboarding Video to provide consistent compliance orientation in the absence of live training.

Adjunct Professor — Business Ethics, Corporate Compliance, CSR, Privacy at Cambridge College Global / New England College of Business & Finance (2010-01 – 2023-01)

An accredited institution serving adult learners with graduate and undergraduate programs in business, ethics, compliance, and finance. NECB was acquired by Cambridge College in 2020. Architected and taught graduate-level courses on compliance program design, global governance, corporate ethics, ESG, Privacy (HIPAA/GLBA), and enterprise risk management — directly reinforcing strategic thinking and compliance program expertise.

Mentored professionals across healthcare and regulated industries on implementing governance, compliance, and risk programs.

• Mentored several students to executive positions within their industry.

Doctor of Business Administration (DBA)

Master of Science, Business Ethics and Compliance

Bachelor of Arts, Psychology