Responsible for developing, maintaining, and communicating the Information Security Program (ISP), including policies and programs (e.g., Information Security Policy, Risk Management Program, Vendor Risk Management Program, Vulnerability Management Program, Information Classification Policy, Firewall Review Program, etc.) associated with Governance, Risk, and Compliance (GRC). Manages the Risk Management Program, including identifying, scoring, and entering/tracking risks in the Risk Register, as well as maintaining a dashboard used to disseminate risks to executive management and the organization. Develops documentation such as policies, standards, diagrams, data flows, and procedures for internal and external audits.Manages PCI DSS audit activities including interacting with all levels of the organization to disseminate requirements, collect evidence, review and update documentation, deliver evidence to third party auditors, and manage onsite visits and interviews. Responsible for identifying significant changes within the organization as they directly relate to the Card Data Environment (CDE) and ensuring such changes met the PCI DSS requirements. Manages weekly PCI external vulnerability scanning, including ensuring vulnerabilities are remediated, false positives validated and submitted, and submission of quarterly reports to acquiring banks and card brands. Reviews the effectiveness of controls in place within the organization to ensure ongoing compliance.Analyzes and researches the organization’s external security posture utilizing third party websites, tools, and applications as well as remediates issues affecting the organization. Analyzes, researches, and disseminates laws, regulations, and standards to the organization. Performs internal audit functions (e.g., access, authentication, vendor compliance, etc.).

Managed the Compliance and Audit Programs, as an independent and objective body that reviewed and evaluated the organization’s compliance with internal controls. Ensured compliance with the rules and regulations of regulatory agencies and company policies and procedures. Acted as a channel of communication to receive and direct compliance issues to appropriate resources for investigation and resolution. Authorized to implement necessary actions to ensure achievement of the objectives of the Corporate Compliance and Audit Programs.

Managed compliance initiatives for internal and external audit functions, including annual SSAE 16 SOC I Type II audit. Managed and audited internal NERC CIP compliance program. Managed and maintained NERC CIP compliance program for external clients, including working directly with clients' internal and external auditors to meet compliance. Performed internal auditing functions across the organization for both security and compliance initiatives. Maintained compliance and training programs for internal audit functions across the organization including security policy compliance, GLBA, HITECH/HIPAA, PCI, SOX, etc. Managed external audits and ensured compliance with a variety of industry standards (e.g., PCI, NERC CIP, FFIEC, GLBA, SOX, ISO/IEC, etc.).Blogger for company's official Website.

Included Security Committee responsibilities from position above and all responsibilities from the previous position below. Analyzed internal undocumented processes and procedures, created flowchart diagrams, and generated detailed, written procedures. Included interfacing and working with members of all departments in a team environment. Created documentation to support SSAE16 assessments (based on CobiT Control Objectives).Developed, deployed, and maintained entire Security Committee Exception Request (SCER) system, including flowcharts, detailed written procedures, SCER tracking system, online automated PDF form, and archive. Also edited and maintained internal Security Policy and assisted with Human Resource (HR) documentation (e.g., employee handbook, policies, procedures, and legal documents). Acted as Project Manager and Business Analyst for internal Universal Data Project (UDP), which included interfacing with all internal departments, creating flowchart diagrams, gathering requirements, and developing a client service profile form. Developed, deployed, and maintained a Request for Proposal (RFP) process, including a repository, template, tracking system, and detailed training and procedure materials for RTM and Sales staff. Provided content for areas of RFPs, RFIs, and client questionnaires.Reviewed and edited responses for high-profile clients before delivery.

Developed and maintained Statement of Work (SOW) and Amendment templates, integrating all service offerings, for use in documentation automation software and distributed SOW templates to Sales staff. Reviewed and edited SOWs and worked with RTMs and Sales force to resolve language issues and incorporate client requests before moving to Legal department for approval process. Wrote and maintained Service Specifications Documents (SSDs) for all subscription service offerings; interfacing with multiple departments and the Executive Vice President (EVP) of Operations.Worked closely with the SCS team and Technical Security Consultants to develop new service documentation, including scope of work, proposal, SOW, Level of Effort (LOE) matrix, and other supporting documentation.Analyzed, edited, and reviewed SCS assessment reports prior to delivery to clients.Developed project for company’s first Intranet Web site and act as on-going Project Manager. Developed and managed content and interfaces with all internal departments for input to ensure implementation of required resources and tools.Developed and maintained global company templates for use with all internal and external documentation,Interfaced with multiple departments to develop scope, configuration, and installation guides to support services.Managed Subversion (SVN) documentation repository for tracking version history on internal documentation.Developed and maintained Services Lifecycle Matrix (SLM) for tracking Service related documentation.

Wrote User Guides, Bulletins, Release Notes, and Installation Procedures for accounting system software. Produced modular online help, field-level help, and HTML help files in Doc2Help, and integrated help files into proprietary accounting software.Analyzed software early in the development cycle to help identify elements to improve the end-user experience, including window layout and design in the Cobol SP2 editor. Tested beta and pre-release software and reported bugs to development staff. Responsible for producing all online graphics and custom toolbar buttons that appeared in the software.Managed writers, documentation assistants, and administrative staff in daily tasks. This included managing multiple projects for multiple employees, ensuring that all deadlines were met on time. Managed distribution of all documentation, software, and print and mail services. Also developed and tracked client User Group feedback forms.Project Manager for Personnel Action Team process improvement plans, which included an overhaul of all training materials for both employees and client end-users. Also, set up and managed project plans for other PAT team projects.Responsible for all marketing and sales materials, including proposal books, fliers, brochures, newsletters, postcards, and mailers. Answered Requests for Proposals (RFPs) and questionnaires from prospective clients.Designed and maintained the corporate Intranet and Internet Web sites.Designed, developed, and produced all User Group and training course materials.

Designed e-Learning web-based courses for both internal and external clients; simulating how to use CSG’s products and services, in a hands-on environment.Analyzed, interpreted, and created technical information from technical design and requirements engineering documents. Worked directly with subject matter experts, project managers, and programmers to develop course materials. Defined learning objectives, designed instructional strategies, and developed knowledge assessments for e-Learning courses. Assisted in maintaining CSG’s e-learning course catalog.Wrote release communications documents for relaying critical product release information to CSG clients both internally and externally.Set up Oracle projects for tracking project information. Ran expense reports for metrics reporting and converted data to Excel pivot tables for management.Wrote technical documentation in support of core CCS products. Wrote bulletins, user guides, release notes, and created and published .pdf files from documents for distribution on the company Intranet. Analyzed technical design documents and worked closely with subject matter experts.