SUMMARY:

Extensive experience as a technical writer with recent experience supporting ITSecurity departments for PCI, SOX, and GDPR. Knowledge of Agile SDLCprocesses and working with SMEs, developers, and stakeholders to produce deliverables for integration/migration projects as well as process documents to fulfill compliance - driven IT security controls.

CORE COMPETENCIES:

Compliance: SOX, PCI, HIPAA, GDPR

Sprint/Scrum

Agile, Confluence, Jira, ServiceNow, SharePoint

Policies/Procedures, User Guides, SOPs

Word, Excel, Visio, LucidCharts, SnagIt

NIST, COBIT, SANS frameworks

Work with Business Managers, Project Managers, IT Process Owners

Test Plans, Use Cases, QA Process

SailPoint (Identity Management)

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

Technical Writer/Compliance Analyst, IT Security & Operations

Responsibilities:

• Project Lead/Tech Writer for SOX and PCI Compliance Programs:
• Provide and collect evidence to auditors for SOX and PCI audits, working with IT, Finance, HR, and other departments as needed to resolve deficiencies.
• Understand SOX controls and PCI requirements
• Understand and collect SOC1, SOC2 and SSAE18 compliance reports from Service Providers/SaaS
• Use Confluence and Jira to collect sample evidence and assign to appropriate IT process owner.
• Applications include Oracle Financials, HFM, WorkSmart, ww.com as well as internal ones
• Lead weekly status meetings with external auditors
• Report on status of evidence gathering to senior management
• Write process documentation for Change Management System, Vulnerability Management, Patch Management, Agile Software Development Process; Waterfall Software Development, Incident Management Process, Cardholder Data Environment, mapping to SOX, PCI, and NIST. End users were IT process owners.
• GDPR: Write Incident Management Framework and Process, Right to be Forgotten, Deletion of Unstructured Data, and FAQs
• Create PowerPoint presentation for SOX, HIPAA, and PCI compliance for security awareness for IT dept.
• Update IT Security Policy manual and accompanying IT Security Standards manual ; map to SOX, PCI, GDPR, and HIPAA control

Confidential, Westport, CT

Technical Writer (Contract) - IT

Responsibilities:

• Update process/procedure documents for IT: Change Control Policy, Business Continuity/Disaster Recovery, PC Policy, Application Testing Policies, and Vendor Purchase Software Guidelines.

Confidential, New York, NY

Technical Writer (Contract) - IT Risk & Controls

Responsibilities:

• As part of a baseline Gap Assessment project, develop documentation for 290 controls (procedures/processes) in 12 IT related areas (Access Control, Incident Management, Physical Security, Information Classification, etc.) describing the objective (control), requirements, design, verification, frequency, and compliance.
• Obtain SME feedback and update accordingly
• Map controls to corresponding SANS - CIS Critical Security Controls and Unified Compliance Framework.

Confidential, Berkeley Heights, NJ

Technical Writer

Responsibilities:

• Update policies and procedures for IT Information Security and PCI Compliance, work with SMEs for approval
• Policies include Email Usage, Remote Access, Social Media, Removable Media, Encryption, Password, Record Retention, Patch Management, etc.
• Use Word, Excel, SharePoint, PowerPoint

Confidential, Rye, NY

IT PCI Technical Writer

Responsibilities:

• Gather information from IT security team and SMEs to produce 70 Payment Card Industry (PCI) compliant documents for auditor’s review.
• Documents include Firewall Operations, Anti-Virus Operations Manual, Intrusion Detection Operations Manual, Patch Management Process, Database Operations, etc.
• Maintain issues list (Excel, pivot table) and submit daily status on document progress.
• Used Word, Excel, SharePoint, PowerPoint

Confidential, New York, NY

Technical Writer

Responsibilities:

• Gather information from GPS Support team (SMEs) to create and update Operations Orders, Policies/Procedures and Troubleshooting/support guide for award-winning AVL (Automatic Vehicle Location) web browser based GPS application. Application allows tracking of vehicles through a GIS portal and dedicated CalAmp devices.
• Application received “Best Internal Application Award” 2014 for the Best of NYC Technology Awards in recognition of outstanding accomplishments of the City’s information technology workforce.
• Assess and test application screens to document user guide for web-based SMART (Sanitation Management Analysis and Resource Tracking).
• Use information in Agile stories from QA team to aid in testing and documenting. Functions include Navigation, Personnel, Equipment, Task panels, and Reports.
• Used SharePoint for document management and version control.
• Deliverables include GPS Support Operations Guide, Scripts for Troubleshooting, Use Cases, Operations Orders, User Guides, Quick Reference Guides.

Confidential, Brooklyn, NY

Technical Writer

Responsibilities:

• Business applications include: Commitment Management, Pool Transfer System, Issuer Status Codes, Request Pool Numbers, Salesforce Integration, and Reporting. Modernization components include Oracle Weblogic portal, Oracle Weblogic SOA, and Informatica.
• Deliverables include Use Cases, Technical Design Documents, User Guides, Quick Reference Card, Training Plan, Test Plan, Data Conversion Plan, Decommission Plan, Implementation Plan, Storyboards (Powerpoint), Run Book.
• Document deliverables for Mortgage Industry Standards Maintenance Organization (MISMO) project, attend meetings with stakeholders to document data element changes to data set and identify business rules to ensure compliance with MISMO. Business need is to submit xml file in MISMO-compliant format to obtain pools for mortgage-backed securities. Deliverables include a Current State document, Level of Effort document, Resource Plan, Communication Plan, and Project Charter.
• Used SharePoint for document management and version control.
• Use ALM to analyze defects from QA and UAT testing to determine new requirements and updates to Technical Design Documents and User Guides.

Confidential, New York, NY

Technical Writer/Business Analyst

Responsibilities:

• Created functional documentation, data store requirements for relational database (Oracle); Logical Architecture Interoperability, and Cyber Security framework; Cyber Security Plan, Use Cases; RFP, Statement of Work, and technical interface documents. Functionality includes Confidential visualization, decision aid technology, demand response, distribution generation, curtailment, cyber security, third party interfaces, messaging, and reporting
• Created process flows and interface/network diagrams (Visio).
• Map functionality to DOE objectives and NIST standards and trace their progress throughout the project.
• Lead/Coordinated functional testing with Confidential team: write 50 functional tests to verify data as well as functionality, assign tests to team, ensure execution and accuracy of tests.
• Worked with Information Resources department to develop environments (development, test, production) and configurations for Confidential project and maintain punch list.
• Coordinate meetings and engage with project participants/vendors from other companies to accomplish project goals and objectives.
• Track and follow-up on project tasks related to requirements, functionality, documentation, and documentation approvals.
• Used SharePoint for document management and version control.

Confidential, Danbury, CT

Technical Writer

Responsibilities:

• Updated SOPs that supported regulatory objective 21 CFR 11 (electronic signature).
• SOPs included procedures for IT functions such as disaster recovery, database maintenance, standard workstation build, and software development lifecycle methodology.
• Updated Software Design Specifications, User Requirements, Statement of Work, and ongoing changes for company intranet portal solution enterprise management system (Day CQ5 ).
• Coordinated workflow effort in Documentum to provide and obtain signatures on approved Work Instructions and SOPs (Standard Operating Procedures).

Confidential, Mt. Kisco, NY

Technical Writer/Business Analyst

Responsibilities:

• Gathered requirements for conversion/integration project from AS400 to web-based browser (Infinity) for Insurance administration software.
• Analyzed trouble tickets for software-related issues and escalated to appropriate area.
• Created process documents and process flows (Visio) for current processes for the 5 departments.
• Created user documentation and workflow diagrams for ImageRight document management and workflow system software for Underwriting staff. Tasks included policy quote, bind, and issuance.
• Using SDLC methodology, ensured all deliverables including change control specifications, functional specifications, technical specifications, test plans, implementation validation plans, and user documentation were met in a timely fashion.
• Managed the backscanning effort and supported and solved system support tickets for ImageRight and AS400 issues.
• Conceptualized and wrote Software Change Specifications and test plans for current system to integrate it to new system.

Confidential, Groton, CT

Technical Writer

Responsibilities:

• Updated Project Plan templates and ensured deliverables were met for the migration and retirement of 93 applications as part of the ATS (Adapting to Scale) project.
• Deliverables included requirements specifications, test plans, deployment plans, and checkpoint meeting minutes.
• Coordinated the evaluation of 46 IT SOPs and their transfer from the R&D SOP system to the IT SOP System.
• Audience was System Administrators for validated computer systems. SOPs included System Maintenance and Management, Backup and Recovery, User Account Management, Archive procedures, Security, IT Support Training, Software Versioning, etc., both at the infrastructure and application level.
• Project involved interviewing and gathering information from IT staff to determine if SOPs needed to be retired or replaced, and updating/reformatting the information into Work Instructions (WI).
• Used Documentum eroom and SharePoint for document management and version control.
• GCP training class

Confidential, Ridgefield, CT

Technical Writer

Responsibilities:

• Wrote User Guide for secure data transfer system.
• Audience was System Administrators.
• Documentation included system components and hardware configuration, application and driver software, installation for the environment (Windows, Linux, and Unix), running the application, and troubleshooting.
• Wrote and updated OEM Installation Manual.
• Wrote a Disaster Recovery Planning Policy explaining how to develop and implement a disaster recovery plan for Sarbanes-Oxley compliance.

Confidential, New York, NY

Technical Writer

Responsibilities:

• Wrote system documentation for PeopleSoft system administrator responsibilities to support Sarbanes-Oxley compliance.
• Worked with Business Process Owners to develop Sarbanes-Oxley (SOX) process documents including narratives, risk control assessment documents, control procedures, test procedures, process walkthroughs, and flow charts detailing processes and IT controls relating to IT functions.
• Updated System Administrator documentation for Sarbanes-Oxley 404 compliance and coordinated with management to remediate internal control deficiencies (Stanley Tool).
• Documented Sarbanes-Oxley (SOX) process documents including narratives, risk control assessment documents, control procedures, test procedures, process walkthroughs, and flow charts detailing processes and IT controls relating to IT functions.

Confidential, Stamford, CT

Technical Writer

Responsibilities:

• Updated 35 IT SOPs, Work Instructions, corresponding templates, User Guides, and training presentations for IT Compliance Department’s migration project. SOPs included Data Migration for Computer Systems, Technical Installation Plan, Requirements Specification, System Design Specification, Decommission Plan, Backup and Recovery of Computer Systems, Qualification Plan for Infrastructure Systems, Risk Assessment for Infrastructure Systems, Change Control for Components and Infrastructure Systems, Information Protection, etc.
• Wrote a PeopleSoft User Guide and a quick reference card for SOP trainers.
• Updated training material presentations for SOP classes in PowerPoint.
• Set up data and tested user and document information for SOP document migration into eDocCompliance.
• Coordinated, scheduled and updated employee attendance records for IT SOP classes in PeopleSoft.

Confidential,Trumbull, CT

Technical Writer

Responsibilities:

• Created functional design specifications for custom reports and processes in Oracle Financials 11i Payables, Purchasing, Inventory, Fixed Assets, and General Ledger.
• Conducted requirements gathering and project review meetings.
• Effectively translated business needs into specifications used by the development staff to create technical design and programming code. Using SDLC methodology, wrote functional specifications, UAT test plans, and implementation validation plans for electronic claims payment process, self-funding process, modifying explanation of benefits information, customizing/modifying claims reports, and data conversion. Electronic claims payment process resulted in timely remittance and funds transfers, increased accuracy and efficiency and increased provider/client satisfaction.
• Tracked and maintained Vantive tickets for user problem resolution with Oracle Financials.
• Fulfilled Oxford’s EDI insurance regulatory requirement by researching and analyzing HIPAA 835 EDI Health Care Claim Payment/Advice Implementation Guide to produce functional design and test specifications.
• Gathered information and wrote procedure-oriented User guides for GUI-based Healthcare Management system (PULSE) and Oracle-based Purchasing and Inventory applications used by employees.
• Wrote product bulletins and information (FrameMaker) for online company intranet. Other applications written for included Billing, Provider Relations, Products and Benefits, Reinsurance, Self-Funded, Medicare and Medicaid Member Enrollment, Pricing of Ambulatory Surgery Hospital Claims.