Juris Doctor • Cybersecurity • Compliance • AI Development
Risk, privacy, and cybersecurity systems built for regulated environments.
David E. Smith Jr., J.D. is a senior regulatory governance and compliance professional focused on defensible controls, structured documentation, audit readiness, privacy programs, and AI-assisted risk operations across financial services, healthcare, utilities, legal services, and technology environments.
10+
Years in contract-based governance, risk, compliance, cybersecurity, and legal operations work.
7+
Major enterprise and regulated-industry environments across banking, utilities, legal, and technology.
J.D.
Legal training paired with hands-on delivery across cybersecurity, privacy, compliance, and governance programs.
Professional Summary
Juris Doctor and senior Regulatory Governance and Compliance professional with extensive experience developing enterprise-wide policies, procedures, risk frameworks, and regulatory training programs across financial services, healthcare, utilities, legal services, and technology environments.
Deep expertise includes enterprise risk governance, privacy program implementation, cybersecurity control documentation, audit readiness, and regulatory interpretation aligned with NIST, SOX, GDPR, FFIEC guidance, Federal Reserve SR 13-1, and NERC CIP standards.
Recognized for translating complex statutory and regulatory mandates into defensible operational controls, structured documentation systems, and workforce training programs that withstand audit and regulatory scrutiny.
Creator And Architect
Developer of a proprietary Scam Trust Intelligence™ and Risk Governance platform that supports cybersecurity training and defense for law firms and regulated industries.
The platform integrates AI-assisted risk triage, structured decision-tree workflows, audit logging, policy mapping, and compliance reporting to support fraud detection, escalation protocols, and defensible documentation.
The work bridges technical architecture, security considerations, and real-world use cases, making the solution ready for practical blockchain integration.
Core Competencies
Governance depth with technical execution range.
Selected Projects
STI Intelligence
A portfolio project focused on Scam Trust Intelligence and risk governance workflows for law firms and regulated organizations. The platform demonstrates how compliance logic, structured review, and AI-assisted triage can be translated into a usable product.
- AI-assisted risk triage and issue classification
- Structured decision-tree workflow design
- Audit logging and defensible reporting patterns
- Policy mapping for compliance-driven review
- Fraud escalation and documentation support
- Product direction prepared for future blockchain integration
Cybersecurity & Compliance Training
A contract training and curriculum development offering focused on applied cybersecurity, compliance, privacy, risk, and operational decision-making. It is built for organizations that need structured, real-world instruction instead of generic awareness content.
- Instructor-led, hybrid, and self-paced delivery formats
- Custom curriculum architecture, assessments, and rollout planning
- Cybersecurity awareness, scam and fraud education, and OSINT-based reasoning
- Privacy, compliance, risk, regulatory, OSHA, and operational safety training
- SCORM-compliant course design with LMS and CMS-ready delivery
- Scenario-based, gamified, decision-focused learning built for behavior change
Lawyer Software
A legal workflow product concept focused on structured review, evidence readiness, early-stage case evaluation, and issue-based legal analysis. It is designed to help organize facts, surface risk, and support defensible matter assessment.
- Structured legal intake and matter organization
- Evidence readiness and document review support
- Issue-focused risk and claim analysis
- Fraud and inconsistency signal visibility
- Attorney-style outputs for internal review
- Workflow support for early litigation assessment
Professional Experience
Bank of America
Technical Writer, Cybersecurity and Data Privacy Protection
10/2024 – 01/2026 • Contract
- Served within the Enterprise Data Architecture Governance organization supporting enterprise data governance and privacy compliance initiatives.
- Drafted and maintained enterprise policies, standards, and procedures aligned with NIST, SOX, and internal Data Protection Standards.
- Partnered with Legal, Risk, and Compliance stakeholders to operationalize regulatory mandates into governance frameworks.
- Prepared structured documentation packages supporting regulatory examinations and internal audit engagements.
- Developed instructor-led and e-learning modules to operationalize data lifecycle governance and privacy controls.
- Implemented documentation controls in SharePoint and Confluence ensuring policy traceability and version integrity.
Truist
Technical Writer, Cybersecurity and Data Analyst
10/2023 – 04/2024 • Contract
- Authored governance policies addressing encryption, data privacy, secure SDLC, and cloud control frameworks aligned with NIST guidance.
- Documented CI/CD governance processes and API security controls supporting enterprise risk mitigation.
- Delivered compliance-focused training sessions clarifying regulatory control expectations for engineering teams.
- Produced governance documentation supporting cloud lifecycle oversight and AI/ML data-handling compliance.
Wells Fargo
Technical Content Writer, Enterprise Risk Management
10/2022 – 08/2023 • Contract
- Developed enterprise risk governance strategy documentation supporting federal banking compliance.
- Collaborated with Policy Governance teams to standardize business policies aligned with regulatory expectations.
- Prepared documentation for audit review clarifying control ownership and accountability.
- Designed onboarding and compliance training materials supporting regulatory change initiatives.
Intapp
Business Security and Technical Writer
07/2021 – 07/2022 • Contract
- Authored secure integration documentation for REST APIs and cloud-based enterprise platforms serving regulated clients.
- Documented authentication standards, data handling requirements, and secure integration controls.
- Designed structured Confluence and Salesforce ECM repositories with controlled access models supporting governance traceability.
- Collaborated with Legal and IT teams to ensure documentation met contractual, privacy, and regulatory standards.
Wells Fargo
Cybersecurity Analyst Trainer and Technical Writer
01/2020 – 12/2021 • Contract
- Conducted enterprise risk and control gap assessments aligned with NIST and SOX frameworks.
- Drafted cybersecurity policies and governance documentation supporting regulatory reporting obligations.
- Designed secure data flow diagrams and operational workflows documenting sensitive data handling.
- Supported enterprise compliance training and awareness initiatives.
London Stock Exchange Group
Infrastructure Trainer and Compliance Architect
12/2018 – 06/2019 • Contract
- Prepared executive-level risk and regulatory compliance reports within a capital markets environment.
- Designed and delivered governance-centered AWS security and infrastructure training.
- Reviewed and updated cybersecurity and privacy policies reflecting audit findings and regulatory changes.
- Documented incident management workflows supporting regulatory defensibility.
Duke Energy
Cybersecurity Business Analyst
05/2018 – 11/2018 • Contract
- Supported NERC CIP and NIST compliance initiatives protecting critical infrastructure systems.
- Conducted regulatory gap assessments and documented remediation strategies prior to audit review.
- Drafted incident response and secure infrastructure governance documentation.
Law Offices of Michael A. DeMayo
Business Process Analyst and Legal Compliance Consultant
01/2017 – 06/2017 • Contract
- Conducted legal and regulatory compliance assessments under federal and state statutes including U.S.C. Title 42.
- Documented end-to-end legal business processes identifying compliance control gaps.
- Advised leadership on policy controls and sustainable compliance monitoring frameworks.
Wells Fargo and Bank of America
Enterprise Risk and Regulatory Governance Roles
2015 – 2016 • Contract
- Drafted regulatory documentation aligned with U.S.C. Title 12 and Federal Reserve SR 13-1 guidance.
- Performed independent enterprise risk validation, data traceability testing, and statistical sampling.
- Prepared executive compliance reports outlining control deficiencies and corrective actions.
- Supported retrospective regulatory reviews and internal audit engagements.
Education
Juris Doctor
State University of New York at Buffalo Law School
Bachelor of Arts, Political Science and Business
SUNY Oswego
Georgetown Law School
eDiscovery Training Institute and Train-the-Trainer Certification
Certifications And Portfolio
eDiscovery and Digital Evidence Governance
Georgetown Law School eDiscovery Training Institute with focus on digital evidence handling, data governance, litigation readiness, chain-of-custody, and regulatory defensibility.
Selected Work and Portfolio
- Legal intake and decision automation systems
- Investigation and OSINT workflow design
- AI-assisted compliance and risk analysis frameworks
Portfolio projects available upon request at david@aspoonful.com.
Contact
Available for contract work in cybersecurity, compliance, privacy, policy, legal operations, and AI governance.
For consulting, contract roles, platform discussions, or portfolio requests, reach out directly.