Senior Cybersecurity Technical Writer - Governance, Risk, Compliance

Location:
Norwalk, CT
Posted:
May 13, 2025

Resume:

DIANE V. REITER

** ****** ****** #*** *** Canaan, Connecticut 06840 203-***-****

********@***.*** https://www.linkedin.com/in/diane-reiter-4a32781/

SEEKING A REMOTE ROLE INVOLVING TECHNICAL WRITING, CYBERSECURITY AND BA WORK

A proactive, resilient, and results-driven Information Technology professional with extensive expertise in developing and delivering all forms of technical writing including business requirements, solution architect documents, process documents, policies/procedures, standards, IT control documentation, runbooks, user guides, SOPs, flow diagrams, whitepapers, and KBs. Effective team player who collaborates with business/project managers, SMEs, IT process owners, and engineers to produce deliverables for IT projects as well as compliance-driven IT security controls. Knowledge of IT security and compliance, CIS controls, ITIL, IAM, SOX, PCI, HIPAA, ISO 27001 and GDPR compliance, Agile, SDLC and Sprint/Scrum. Prefer working on a Cybersecurity or IAM team.

CORE COMPETENCIES

Confluence, Jira, SharePoint, Teams, MS Word, Excel, Google Docs, Visio, PowerPoint, LucidCharts, GitHub, Snagit, IAM, API Documentation, Workflows, Frameworks (COBIT, ISO, SANS, ITIL, SOC1), NIST SP 800-53, ISO 27001, Markdown, CIS Benchmarks, FFIEC, NCUA Regulations

PROFESSIONAL EXPERIENCE

Navy Federal Credit Union (Hays US Corporation) remote

Sr. Technical Writer - Security, SGR May 2023 – April 2025

As a member of the Control Procedure Management Team within the Security, Governance, and Risk Dept. (SGR):

Using a Word template and various source documents such as SOPs, create Security Control Procedures that map to company Standards and legal/regulatory obligations for the following:

o Control Procedures Process

o Security Control Standards Management – procedure describing how to create and update Security Standards - initiative to simplify and combine standards and align to NIST SP 800-53 moderate baseline for domains, control objective, controls, and control attributes

o Advanced Risk Assessment (ARA) Program

o Asset-Based Testing Procedure (CDA and CPA)

o Data Transfer Authorization Process

o Security Process Assurance & Regulatory Compliance Controls Testing Process (CDA and CPA)

o Policy Exception Handling

o Monitoring and Remediating Policy Exceptions

o Cyber Initiatives - Submitting Smishing Numbers for Takedown

o Social Engineering – Employee Phishing Simulation Testing and Reporting

o Security Regulatory Liaison – Internal and External Audit procedures, Issue Negotiation, External Audit Examination Preparation

o Security Training for Fraudulent Activity and Physical Security

Update, maintain and work with IT Security Engineers to complete templates for Solution Architect documents, SOP for how application codes use IAM (Provisioning for joiners, movers, leavers, Certification and Recertification, Multifactor Authentication, Single Sign-On, Privileged Access Management), Lifecycle Management SOP, Capacity Management SOP, Privileged Access Document (PAD). Work with Technical Owner to produce draft and secure approval with Application Owner. Examples of app codes include BMP (proxy gateway), F5A (Load Balancers), PKI, DLP, Firewalls, Splunk, Netscout, NPM (Network Performance Monitoring), NSC (Netscout).

Update SGR Policies and Standards: Acceptable Use, IAM, Domain Standard, Change Management, etc.

Work with Business Unit SMEs and secure approval from SG&R Manager and Control Procedure Owner

Work in agile scrum environment using Kanban board to create stories for each Control Procedure or SOP, and track and move from Scoping → Drafting → Leadership Review → Control Owner Approval → Publish to Library → Done

Send 60 and 30-day advance email notifications to Control Procedure Owners for annual review of their Control Procedures and work with them on major and minor updates and follow to completion

Collaborate and educate Business Units to embed Control Procedure Management support into their processes (Risk Control Self-Assessment, Control Design Assessment failures, Regulatory Liaison Office, Issue Management)

Align control procedures to Information Security standard(s), NIST SP-800-53, ISO 27001, NIST CSF, Navy Federal Legal and Regulatory obligations such as FFIEC and NCUA

Use ServiceNow, DevOps Kanban board, Word, Excel, Visio, PowerPoint, Webex, Snagit, and SharePoint

State of Maryland (Apex Systems) remote

Control Implementation Specialist/Technical Writer October 2022 – April 2023

State of Maryland Cyber Remediation:

Create, edit, and maintain cybersecurity compliance and implementation documentation for current and future applications (AWS, Google Workspace)

Support internal peer review and quality assurance efforts, assemble documentation for audits and ensure that documentation is compliant with governance policies

Collaborate with platform analysts, project managers and subject matter experts to collect and interpret their input for security compliance guides (SCG)

Use Monday.com, ServiceNow, Word, Excel, Visio, PowerPoint, Microsoft Teams, Google Meet, Snagit and SharePoint

Biogen (SSI People) remote part-time

Governance Documentation Specialist May 2022 – December 2022

Working for Data and Analytics Governance, Commercial Information Management and Operational Analytics to support strategies and documentation requirements for Customer Excellence and Operations group:

Schedule meetings with Functional Leads and other stakeholders to identify KPIs (key performance indicators) and metrics; write meeting minutes and share, update repository with KPIs and corresponding information pertinent to the business, maintain change log of metrics that changed

Create and update process documentation: Data Acquisition and Procurement Process; Data Sharing Between Biogen and Sage; Data Deletion process (GDPR), RADAR intake process (allows users to request reports and extracts from the Operational Analytics and Data Management teams); Patient NBA (Next Best Action); understand workflows and process to create these documents

Use Word, Excel, Visio, PowerPoint, Microsoft Teams, Snagit, and SharePoint

Southwest Airlines (Saratoga Software Solutions) remote part-time

Sr. IAM Technical Writer January 2022 – October 2022

Build, update, standardize, and enhance documentation in the IAM space that is used primarily by Operations support team, but also shared across all IAM team members

As part of a DevOps Agile team, participate in daily sprint meetings, planning meetings, and PingFederate setup troubleshooting work sessions to document potential issues and procedures for how to resolve them

Create Confluence pages for PingFederate procedures (SAML, OIDC), PingFederate Solution Design documentation, IGA technologies, Driver documentation; use GitLab to retrieve technical schema information

Update MyAccess Runbook – reformat, update screenshots, work with SMEs to validate procedures, audience is system administrators. Use and understand CyberArk for password vault.

Write, publish, and update KB articles to ServiceNow on IAM how to’s

Use Confluence, Jira, GitLab, Excel, Visio, Snagit, Microsoft Teams, and SharePoint

United Airlines (Pinnacle) remote

Cybersecurity Technical Writer/BA, IT GRC April 2021 – March 2022

Under the direction of the Sr. Manager, IT Compliance, GRC, create IT Information Security Standards and Implementation Guides: research industry standard, work with GRC team and SMEs to review and approve documents.

Standards completed: Oracle Database Security Standard, Windows Server Security Standard, Apache Web Server Security Standard, MS IIS Web Server Security Standard, MS SQL Server, Windows 10 Security Standard, Active Directory Security Standard, Logging Security Standard, WebSphere Security Standard, Oracle Enterprise Linux Security Standard, Amazon Linux Standard, MongoDB Security Implementation Guide, Couchbase Security Implementation Guide, DNS (Domain Name System) Security Standard, Database Security Standard, VMware Security Standard, AWS Cloud Security Standard

Use CIS Benchmarks, NIST SP 800-53, 800-171, SP-81-2, and vendor information as source material for standards

Work with technical member of GRC team to determine customized settings for standards based on Qualys PC recommendations

Use Axonius to determine server version information for end of life support

Use Word, Excel, Visio, Microsoft Teams, Snagit, and SharePoint

Mattress Firm (Isphere) remote

Technical Writer/BA, IT Feb 2021 – April 2021

Documentation support for lift and shift of ERP from AX2012 to D365 Finance and Operations: responsible for external audit requests including solution architecture information, interfaces, application support, process narratives, Fastpath configurations for access control. Solution aligned with APQC.

Collaborate with service providers (Microsoft and Visionet Systems) to produce accurate documentation

Runbook for D365 Back office site move configurations – audience is IT App Support and IT Security team.

Used Word, Excel, PowerPoint, Visio, SnagIt, Microsoft Teams, and SharePoint

Fannie Mae (Blackstone Technical Group) remote

Compliance Technical Writer, Cloud Security Team Oct 2020 – November 2020

Documentation support for Cloud Compliance Group – created Infographic (Visio) describing cloud controls, standards, metrics; AWS Endpoint Protection narrative, Logging & Monitoring Narrative, Vulnerability Management Narrative; compiled information for comparison of three cloud security products.

Used Word, Excel, PowerPoint, Visio, Microsoft Teams, and SharePoint

Odyssey Group (Eliassen Group) remote

Technical Writer/BA, IT GRC, PMO, DPO June 2020 – September 2020

Documentation support for SOX Narratives for company internal audit – Infrastructure, Logical Security, Physical Security, Windows Servers and Workstations, Replication & Recovery, Operations & Production Support, Recertification, Financial applications, Active Directory, File Shares, Secret Server, etc.

Reformatted and created templates for above to improve documentation

Maintained document statuses for documents requiring approval and was proactive in getting approvals

Worked proactively with SMEs in Network Technology Group and IT Security to produce accurate and complete documentation

Created runbooks for Active Directory and Infrastructure

Wrote a KB for encryption

Used Word, Excel, PowerPoint, Visio, Snagit, Microsoft Teams, and SharePoint

UTC Corp. (MorganFranklin) Farmington, CT

Technical Writer/BA, Carrier Separation Project, Cybersecurity Team Dec. 2019 – April 2020

Documentation support for Carrier spin-off from UTC for 4 Cybersecurity towers (GRC, Cyber Fusion, Product Security, and Security Architecture & Engineering)

Created SOX Testing document for controls, IAM procedures for SOX controls, Visio flows for same, assisted with SOX training for IT Process Owners, Application Owners, and Business Owners

Documentation support for IAM processes – PAM, SSO, and IGA, IAM whitepaper, communications plan, and operations documentation

Worked with SMEs, PMO, PAM and SSO Solution Architect, Technical Lead and Associate Director IAM to obtain information for documentation. Created PowerPoints for TSA (Transition Service Agreement) for IGA (SailPoint), PAM, and SSO (Okta).

Used Word, Excel, PowerPoint, Visio, Snagit, and SharePoint

REGENERON PHARMACEUTICALS, INC. (Atlas) Tarrytown, New York

Sr. Technical Writer, IT Strategic Planning & Compliance 2018-2019

Lead writer for Technology Standard Documents: worked with technical SMEs for the following IT Technology architecture domains: Security Architecture, Data Architecture, Network Architecture, and Compute, e.g. IAM, Disaster Recovery, Backup & Recovery, Compute (Cloud, Storage), DaaS (Desktop as a Service), Technical Operating Systems.

Converted static documentation (PDFs, Word) to online (Confluence) for modernization and continuous improvement goal

Wrote KBs and Tech Helps for end users of laboratory diagnostics instruments for online access

Wrote Confluence pages for AWS (how to request, configure, and use) and accompanying Tech Helps

Managed IT document processes, repositories, and quality across all the IT teams and functions, driving adherence to standards, style guidelines, templates, and policy.

Wrote and updated Operations/Support/Runbooks for GxP systems

Used Confluence, Jira, Word, Visio, PowerPoint, Excel, SharePoint, ServiceNow to produce all the above

WEIGHT WATCHERS (perm job) New York, New York

Information Security Analyst/IT Security and Compliance 2016-2018

Under the direction of Sr. Director IT Security & Compliance and later (1/2018) VP, Global Cybersecurity:

Updated IT security policy manual (21 policies) and accompanying security standards manual; mapped to SOX, PCI, GDPR, and HIPAA controls.

Oversaw project management for SOX and PCI compliance programs; worked with external auditor to coordinate walkthroughs with IT process owners for all SOX controls and PCI requirements.

Used CIS Benchmarks for server hardening

Worked with IT Audit on gap assessment for information security policies and standards

Wrote about, collected evidence on, and acquired knowledge of security technologies as they applied to PCI. These included encryption, network security, patching, intrusion detection, and incident management.

Used Confluence, Jira, Word, Visio, PowerPoint, Excel to produce all the above

EDUCATION & PROFESSIONAL DEVELOPMENT

Franklin & Marshall College, Lancaster, Pennsylvania - B.A., Spanish, Minor in Economics

Mercy College, Dobbs Ferry, NY - Computer Certificate

Information Mapping® - Developing Policies, Procedure, and Documentation

Norwalk Community College - Accounting Certificate

Tutorials in Documenting APIs

Python class – 9/22

International Information System Security Certification Consortium (ISC2) candidate for Cybersecurity certification

Other:

Board Member for Condo Association with The Property Group, Stamford, CT

Member of Encore Social Club, New Canaan, CT and EATs, active member of Pilates Studio and YMCA


