Heather Ostrander

• Mapped process activities to identify shortfalls and propose options to rectify operational inefficiencies.
• Analyzing, evaluating, collecting, summarizing Audit evidence and providing direction and guidance to stakeholders concerning the handling of security risks associated with assessment finding, and assist with the design and rolling out of process and procedures for business risk mitigation strategies.
• Created and maintained project artifacts, process and reports as Audit Evidences for SQA audits, TTM phase gates audit, ISO 27000-series, PCI-DSS, ISO, HIPAA, HITRUST, FISMA, FedRAMP, CCM Level and various federal and state privacy laws self-assessments
• Acts as the point of contact to facilitate security risk requirements and management, policy development and maintenance, conducts technical investigations of compliance controls for related industry regulatory issues resulting in successful root cause analysis of intrusions, real-time decisions about incidents as they occur and communication of said solutions to external parties and internal business stakeholders as well a leadership planning dashboards.
• Analyzing, collecting, summarizing information and producing accurate and reliable data for decision making and to support audit compliance in areas such as:

-Access, Authentication, Authorization management,

-Logging, monitoring, and security event management;

-Vulnerability management,

-COTS 3rd party software compliance.

-Disk, file, device, and database encryption;

-Data classification, data tagging, data labeling, and privacy policies

-Secure information storage

• Determine and document business requirements & testing artifacts for 4 different Change Management Tracking Tool, the most recent being Service Now (SNOW) from an End User and Service Desk perspective
• Documented, test and training resources on System and Business Requirement for IT and business users.
• Created testing plans, test cases, test data and defects to ensure design specification, System and Business Requirement are satisfied
• Considered a Subject Matter Expert for many Xerox managed tools and created BrainShark, Computer based training modules, to train international resources
• Coordinated scheduled releases, Change Controls, testing, defects through deployment across multiple projects and multiple teams
• Authored, streamlined, maintained and trained teams on standard procedure documentations to comply with Security/PCI requirements
• Knowledgeable in Networking, routing, firewalls, Active Directory, operating system fundamentals (Windows, UNIX, or mainframe), application programming/scripting languages, technical architecture, relational database management systems, and COTs software levels
• Managed numerous server and software migrations/consolidations cost saving initiatives
• Facilitated numerous disaster recovery simulations, Iron Mountain Escrow deposits, Vulnerability scans, archiving solutions/restores, data migrations, Monitoring/Logging reviews and security compliance assessments.
• Collected, modeled and analyzed data in order to make proactive adjustments to plans and meet all milestones.
• Goals and ongoing development realities.

• Developed and initiated projects, managed costs, and monitored performance.
• Simultaneously managed multiple cross functional projects using exceptional organizational skills, ensuring all members on a project team were aware of current status and tasks to bring actions to closure.
• Perform an impact analysis on any risk, issue or audit finding which affect the project deliverables and scope creep
• Track status on any Change Controls, Requirements and defects for the release from implementation in project planning package
• Determine information and communication needs and effectively distribute information for internal and external stakeholders
• Identified, reviewed and applied policies and procedures.
• Experienced in Project Management (project scheduling and tracking, metrics collection and validation, data analysis and process improvements, meeting facilitation, change control, documentation, and training)
• Chaired project meetings and distributed proper information using PM methodologies such as TTM (Time to Market), CMM Level 2 (Capability Maturity Model), LSS (Lean Six Sigma), QMS,(Quality management System) Agile Planning, & ITIL (Information Technology Infrastructure Library) and SDLC (Software Development Lifecycle) along with Agile software development methodology for internal and external stakeholders

• Performed Disaster Recovery procedures on over 20 systems
• Ensured print sever software was compatible with wide variety of Networks and Network interfaces by performing system tests and documenting all bugs and possible workarounds
• Followed procedures defined by run logs and monitoring systems.
• Mapped data between source systems and warehouses.
• Researched and recorded origins, provenance and historical significance of archival materials.