Business Analyst Software Development

Location:
Delray Beach, FL
Posted:
May 09, 2025

Resume:

PH: +1-860-***-****

Email: *************@*****.***

PROFESSIONAL SUMMARY

• Results-driven IT Compliance Business Analyst with over 9 years of experience supporting complex IT systems, delivering GRC (Governance, Risk, and Compliance) solutions, and managing IT audits across healthcare and government sectors.

• Demonstrated history of supporting software development projects by acting as a bridge between business stakeholders and IT teams, ensuring compliance with industry regulations including HIPAA, FERPA, and NIST frameworks.

• Extensive experience in facilitating security accreditation processes, including creating System Security Plans (SSP), conducting Risk Assessments (RA), drafting Plan of Action and Milestones (POAM), and supporting Authority to Operate (ATO) initiatives for state-level departments.

• Proven track record in leading audit evidence collection and preparing supporting documentation for IT system audits involving PCI, HIPAA, and FERPA compliance mandates.

• Experienced in crafting and maintaining Disaster Recovery Plans (DRP), Business Continuity Plans (BCP), and Incident Response Plans, with an emphasis on maintaining operational resilience and business continuity.

• Possesses a deep understanding of the Software Development Lifecycle (SDLC) with hands-on involvement in requirements gathering, UAT coordination, and post-deployment compliance validation.

• Highly skilled at preparing detailed oral and written reports, delivering presentations to cross-functional teams, and leading compliance review meetings with stakeholders, auditors, and external vendors.

• Strong background in using Microsoft Office Suite to produce thorough project documentation, data tracking tools, and regulatory compliance deliverables.

• Skilled in using compliance frameworks and GRC tools to support large enterprise systems across healthcare payers, providers, and public sector entities.

• Hands-on experience with application vulnerability scanning onboarding, including collaborating with development and security teams to initiate and monitor scan cycles and resolve findings.

• Served as liaison between business, IT, and vendor teams to ensure seamless coordination of compliance processes, remediation efforts, and audit-related activities.

• Worked on systems requiring data classification, asset inventory management, and risk mapping to align with MiSAP and equivalent accreditation processes.

• Played a key role in managing change control documentation and compliance-related SDLC artifacts throughout project lifecycle phases.

• Led the interpretation of regulatory frameworks and trained teams in understanding state and federal compliance policies and how they translate to IT operations and development.

• Effectively participated in IT governance reviews, enhancing audit credibility and ensuring readiness for both internal and external compliance audits.

• Contributed to process development and audit support for mobile and web-based platforms, focusing on secure integration with state infrastructure.

• Exhibited excellent communication and leadership skills, having coordinated cross-functional teams on compliance tasks involving development, QA, and DevOps professionals.

• Delivered risk mitigation strategies and partnered with stakeholders to develop actionable compliance roadmaps, timelines, and project plans.

• Maintained consistent involvement in security and privacy initiatives across all levels of IT governance, with particular strength in aligning with State of Michigan security practices.

• Dedicated to building audit credibility, enabling departments to achieve timely security accreditations and maintain sustainable compliance postures.

TECHNICAL SKILLS

• Compliance & Governance: NIST 800-53, HIPAA, FERPA, PCI-DSS, MiSAP, ATO, POAM, Risk Assessment, System Security Plan (SSP), Disaster Recovery Plans, Business Continuity Plans, Incident Response Plans, Security Accreditation, Data Classification

• Audit & Documentation: Audit Evidence Collection, Compliance Framework Interpretation, SDLC Artifacts, Audit Response, Vulnerability Remediation Reports, Change Management Documentation, SOPs, Risk Register Maintenance

• Business Analysis & SDLC: Requirements Gathering, UAT Support, Agile, Waterfall, Scrum, Process Improvement, Gap Analysis, Business Process Modeling, Use Case Documentation

• Project & Stakeholder Management: Cross-functional Collaboration, Vendor Liaison, Regulatory Compliance Training, Project Reporting, Meeting Facilitation, Stakeholder Engagement, Communication Planning

• Tools & Platforms: Microsoft Office Suite (Word, Excel, PowerPoint, Visio), SharePoint, Jira, Confluence, ServiceNow, GRC Tools, Microsoft Teams, Zoom, Azure DevOps

• Security & Vulnerability Tools: Application Vulnerability Scanners, Risk Mitigation Tools, Data Protection Frameworks

PROFESSIONAL EXPERIENCE

Senior IT Compliance Business Analyst

Client: State of PA

Location: Harrisburg, PA

Project Name: Medicaid Member Satisfaction Survey Integration

Duration: Aug 2022 - Present

• Led the security accreditation process for new systems integrating with state infrastructure, adhering to MiSAP and ensuring Authority to Operate (ATO) requirements were fulfilled.

• Developed comprehensive System Security Plans (SSP), performed Risk Assessments (RA), and established POAMs in collaboration with technical and compliance teams.

• Facilitated compliance reviews and walkthroughs, partnering with internal auditors and third-party vendors to validate system controls and audit readiness.

• Oversaw creation and periodic updates of Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP) across mission-critical systems.

• Coordinated incident response planning activities, ensuring documented processes aligned with state-level GRC frameworks.

• Prepared oral and written reports on compliance status, security gaps, and risk exposures to executive leadership and governance committees.

• Used MS Office Suite and SharePoint to maintain and distribute project documentation, compliance artifacts, and policy training materials.

• Guided cross-functional teams through vulnerability scanning onboarding and issue remediation cycles, working closely with development and DevSecOps teams.

• Trained project teams on interpreting regulatory frameworks, such as NIST 800-53, HIPAA, and FERPA, to ensure appropriate control implementation.

• Served as the point of contact between IT, business units, and vendor teams, ensuring alignment on compliance timelines, deliverables, and responsibilities.

• Led multiple compliance tracks under tight project schedules, maintaining adherence to SDLC practices and change control protocols.

• Built risk mitigation strategies to help departments meet deadlines without sacrificing compliance quality or audit integrity.

• Maintained audit tracking matrices and delivered weekly compliance updates to leadership.

• Documented compliance findings, assigned action items, and followed up until resolution to maintain audit preparedness.

• Collaborated with state-level teams to map system components, data flows, and risk vectors to required security controls.

• Acted as a subject matter expert on GRC tools, managing configuration and usage across project teams.

• Interfaced with external stakeholders and state representatives during scheduled and ad-hoc compliance inspections.

• Managed updates to compliance playbooks and onboarding guides used by new hires and partner agencies.

Healthcare Compliance Business Analyst

Client: United Healthcare / Optum

Location: Eden Prairie, MN

Project Name: LIMS Automated Reporting System

Duration: Sep 2020 - July 2022

• Led initiatives to align enterprise healthcare platforms with HIPAA and FERPA mandates, developing audit frameworks tailored to each system’s lifecycle.

• Collaborated with developers and architects to integrate GRC policies directly into Agile-based software development lifecycles.

• Designed and maintained audit response documentation, managing evidence across multiple audit cycles and maintaining traceability.

• Created Incident Response Plans and reviewed escalated cases for process breakdowns, developing action plans to improve future response.

• Developed Disaster Recovery Plans (DRP) and BCPs tailored to payer systems, ensuring minimal downtime and maximum compliance.

• Partnered with external auditors during scheduled audits to present relevant evidence and walk through control implementations.

• Prepared risk assessments and security gap analysis reports for multiple internal systems under migration to new cloud infrastructure.

• Worked with data classification teams to properly label, categorize, and store sensitive health and financial data in compliance with PCI-DSS and HIPAA.

• Contributed to internal security control framework development, mapping organizational policies to external compliance standards.

• Engaged with stakeholder groups to communicate compliance expectations, timelines, and technical constraints.

• Produced training materials and delivered live sessions to educate teams on compliance best practices and regulatory interpretation.

• Created end-to-end audit dashboards and compliance trackers to support weekly reviews with compliance executives.

• Served as liaison between business units, developers, and external vendors, improving alignment on GRC topics.

• Helped establish onboarding documentation and guides for application vulnerability scanning, integrating results into issue management platforms.

• Reviewed vendor contracts and third-party risk assessments to ensure GRC compatibility with enterprise systems.

• Led requirements sessions for compliance-specific features, capturing user stories and translating them into actionable tasks.

• Delivered quarterly compliance metrics and strategic recommendations to healthcare leadership for investment planning.

• Documented control descriptions, supporting evidence, and residual risk justifications for submission to compliance board reviews.

IT Business Analyst

Client: Eton Pharmaceuticals

Location: Deer Park, IL

Project Name: QHIN Data Quality Assurance

Duration: Aug 2018 - Aug 2020

• Performed gap assessments across internal systems and business processes, aligning them with pharmaceutical compliance standards.

• Developed and maintained business continuity plans for core enterprise applications supporting manufacturing and logistics.

• Collaborated with vendors and legal to ensure third-party systems met corporate security guidelines and documentation requirements.

• Collected and validated audit evidence for software platforms supporting research and clinical trial workflows.

• Participated in security walkthroughs and document reviews with internal compliance and external auditors.

• Provided training sessions to end-users and IT staff on updated compliance protocols and changes in applicable regulations.

• Assisted in developing custom compliance scorecards to monitor adherence across departments.

• Created visual workflows and flowcharts mapping current vs. desired control states for reporting to executives.

• Maintained all project documentation in Microsoft SharePoint and ensured document version control protocols were followed.

• Acted as compliance SME for application upgrades and change management review boards.

• Collaborated with Quality Assurance and Regulatory Affairs teams to align documentation processes with GRC objectives.

• Facilitated requirements gathering sessions with IT and business to support system validation procedures.

• Reviewed existing disaster recovery and incident response plans, recommending updates aligned with evolving risk landscape.

Risk Analyst

Client: Biohaven Health

Location: New Haven, CT

Project Name: Medicare Claims Conversion Testing

Duration: Feb 2016 - July 2018

• Assisted in conducting risk assessments and documented mitigation strategies across clinical systems and research tools.

• Reviewed and updated system security documentation, ensuring alignment with early-stage healthcare product requirements.

• Worked with internal stakeholders to prepare for compliance audits, compiling evidence and preparing response documentation.

• Helped implement changes to internal IT governance policies based on auditor feedback and industry standards.

• Maintained internal audit tracking tools, managed deadlines, and followed up with responsible parties to close outstanding issues.

• Used Microsoft Excel to develop compliance status dashboards for executives.

• Collaborated with business and IT units to create process improvement recommendations that reduced control failure risk.

• Supported development teams in building compliant system features within Agile sprint cycles.

• Trained junior analysts and new hires on compliance workflows, documentation standards, and tool usage.

• Managed version-controlled documentation libraries, adhering to internal and regulatory standards.

• Participated in validation activities for SaaS products used by research and trial teams.

• Reviewed findings from vulnerability scans and tracked remediation tasks to completion.

• Actively contributed to incident response table-top exercises and supported policy documentation updates.