Denise Thurlow
Details
Milliman
Information Security Analyst
Creating new and improving existing compliance workflows, performing gap analyses, creating and documenting internal standards and policies, and rolling everything out with comprehensive training. Collaborating across teams and lines of business throughout the enterprise to bring us further into compliance with the New York Department of Financial Services (NY DFS), California Consumer Privacy Act (CCPA), and NIST Cyber Security Framework (NIST CSF).
2021 : 2022
ICW Group
IT Governance, Risk, and Compliance Analyst
Create and enforce templates and standards. Maintain knowledge libraries in multiple platforms (ServiceNow and Confluence Knowledge Bases). Report on documentation status by department. Proofread and make materials user-oriented. Build computer-based trainings (CBT) and provide in-person trainings for stakeholders (Information Security, Infrastructure and Operations, IT, etc.) Collect information to design and document processes (Access Management, vendor support, audit responses, compliance gap analyses, etc.) for compliance (IT MAR, NIST CSF, NY DFS). Coach team members on workflow, Agile, and Scrum principles. Manage/maintain the Kanban board. Create reports and metrics out of ServiceNow/Jira.
2017 : 2021
ICW Group
Technical Writer
Creating document templates for multiple software platforms such as Confluence and ECM.
Creating Proof of Concepts (POCs) to evaluate document management system software solutions.
Collaborating with Subject Matter Experts (SMEs) to create disaster recovery procedures, information security policies, Client Services procedures, project artifacts, and other miscellaneous documentation.
Participating in project meetings on ISO 27001/27002 compliance strategies from a documentation standpoint.
2016 : 2017
SkillStorm
IT Technical Writer
Developing and reporting IT compliance metrics (NERC CIP v5, SOX, and internal IT standards)
Mapping (Visio) and documenting procedures (SOX procedures, identity management procedures, access management procedures, compliance standards, CIP-002 BES Cyber Asset updating procedures, etc.)
Collaborating with other departments within IT to create/update/route their documentation using corporate templates (runbooks, validation procedures, configuration manuals, baseline configurations, corporate standards, etc.)
2015 : 2016
Radiansys Inc.
IT Technical Writer
About
Put me on a diverse team with autonomy and a deadline, and we will deliver!
Currently I am doing information security gap assessments in the governance, risk, and compliance department at Milliman in San Diego. I work with managers, information security, developers, client services, IT, purchasing/procurement, legal, HR, compliance, and other SMEs to report gaps. Then I consult practices to close those gaps.
My background is actually in medical devices and biotech, which have regulatory and quality standards such as ISO 9001 and ISO 13485. I also have a background in technical writing in both the biotech and cyber security industries. That provides a nice overlap when it comes to working in diverse project teams, learning emerging technologies and regulations, writing documentation, creating workflow diagrams, reporting metrics, and meeting high pressure deadlines.
Profile Photo
