April Vroom
Principal – Information Security Governance & Assurance Analyst
Chattanooga, TN, United States
Details
Experience:
• Identify areas of risk, negative impacts, and opportunities for improvement within the Information Security and Technology areas in regards to reporting, regulatory compliance and business operations before audits are conducted.
• Develop and monitor activities for the Information Security Assurance Program related to regulatory and policy requirements, audited topics, and critical Information Security and System processes.
• Management and administration of Information Security and Technology controls, policies and processes, including Model Audit Rule, SOC 1, SOC 2, Payment Card Industry (PCI), NIST, COBIT and other compliance initiatives.
• Lead for audit request tracking for Information Security and Systems, fulfillment and final report content, including weekly and monthly metrics.
• Develop management responses and assist with identification of remediation actions for audit findings.
• Perform reviews of in-scope audit control wording, narratives, and application validation.
• Manage the annual Payment Card Industry (PCI) attestation; PCI requirement narrative completion, Self Attestation Questionnaire (SAQ) completion; quarterly scan reports to the bank.
• Process and complete security questionnaires: RFP (Request for Proposal), during contract review, and annual customer requests.
• Write and manage updates to procedures for daily tasks required to support the Information Security Governance and Compliance functions.
2018 : Present
BlueCross BlueShield of Tennessee
Principal – Information Security Governance & Assurance Analyst
• Identifying areas of risk, negative impacts, and weaknesses within the IT area in regards to reporting, regulatory compliance and business operations before audits are conducted.
• Management and coordination of IT controls and policies and processes, including Model Audit Rule, SOC 1, SOC 2, Payment Card Industry (PCI), ITIL, SAS70, COBIT and other compliance initiatives.
• Responsible for audit request tracking, fulfillment and final report content, including weekly and monthly metrics.
• Develop management responses and assist with identification of remediation actions for audit findings.
• Conduct assurance efforts in preparation for Internal and External Audits; provide Management Result Reports & Recommendations.
• Perform reviews of in-scope audit control wording, narratives, and application validation.
• Prepare monthly PCI narratives for distribution; manage the collection process, narrative tracking and status reports to management.
• Process and complete security questionnaires: RFP (Request for Proposal), during contract review, and annual customer requests.
• Conduct assurance activities such as Information Technology Policy and Standard reviews, FIM (File Integrity Monitoring), and PCI email quarantines.
• Write and manage updates to procedures for daily tasks required to support the Information Security Governance and Compliance functions.
2015 :
BlueCross BlueShield of Tennessee
Information Security Governance and Compliance Consultant II
Technical Writer in the Technology Shared Services Division at BCBST.
• Compose and edit policies, standards, procedures and job aids while adhering to all applicable regulatory requirements and/or specific guidelines.
• Work with subject matter experts to gather technical data; analyze and interpret data to determine appropriate syntax, style and grammatical usage.
• Publish, update and archive documents according to the standard process. Monitor documents and communicate with document owners, when applicable, regarding compliance with annual document review requirements.
• Execute related tasks for the document control system and documentation change control process: distribution, revisions, and records.
• Coordinate, edit and publish executive reporting of critical projects and initiative updates.
2013 : 2015
BlueCross BlueShield of Tennessee
Technical Writer II
Assistant to Division VP, meeting minutes, communications, data collection, proof reading/editing, weekly executive reports, organizational charts, seating charts, coordination of financial reports, division and departmental budget review, office supply procurement, contract and purchase order review and processing, special projects, coordination of all staff meetings, process training, and policy development.
2010 : 2013
BlueCross BlueShield of Tennessee
Executive Administrative Assistant to VP of Technology Shared Services
Assistant to CEO, supervision of medical secretaries and support staff, meeting minutes in accordance with regulatory guidelines, physician credentialing for large hospital medical staff, policy and procedure review, contract review, meeting coordination, projects, special events, assistance with resolution process, chart audits for business office, payroll, and accounts payable.
2004 : 2010
HealthSouth Rehabilitation Hospital
Administrative Supervisor, Assist. to CEO
Company:
BlueCross BlueShield of Tennessee
About
Global Information Security Foundation (GISF) Certified Dec 2018
American Health Management (AHM) Certification March 2015
ITIL v3 Foundation Certified March 2013
CAP-OM (Certified Administrative Professional with specialty in Organizational Management) Nov 2011
THCEA Education and Professional Development Award Recipient 11/2011
THCEA President (Tennessee HealthCare Executive Assistants) 2010-2012