 Managed and documented risks in alignment with NIST SP 800-30 and SP 800-37, utilizing a nine-step process to assess threats, vulnerabilities, and security controls surrounding information systems, including evaluating the likelihood and potential impact of exploits on system operations. Ensured compliance with information security policies by guiding and coaching internal teams on the proper use of information technology and best practices for safeguarding organizational… Show more  Managed and documented risks in alignment with NIST SP 800-30 and SP 800-37, utilizing a nine-step process to assess threats, vulnerabilities, and security controls surrounding information systems, including evaluating the likelihood and potential impact of exploits on system operations. Ensured compliance with information security policies by guiding and coaching internal teams on the proper use of information technology and best practices for safeguarding organizational systems. Prepared and reviewed Authorization to Operate (ATO) packages for over 1,200 systems and facilities, including key documents such as SSP, RA, CMP, ISCP, DRP, IRP, and PIA. Collected and evaluated assessment artifacts to ensure compliance with NIST SP 800-53 rev 4 control requirements. Contributed to the FIPS 199 security categorization process and selected appropriate technical, operational, and managerial controls according to NIST SP 800-60 guidelines. Developed Plan of Action and Milestones (POA&M) to address corrective actions stemming from System Test and Evaluation (ST&E). Show less

 Reviewed A&A (Assessment and Authorization) packages to ensure they were up-to-date and that security operations adhered to NIST 800-53 standards, HIPAA, FISMA, and organizational policies and procedures. Assisted in developing, defining, and maintaining HIPAA-compliant information security policies, standards, and procedures, focusing on management, operational, and technical controls. Identified deficiencies, discrepancies, misinformation, and compliance issues within loan… Show more  Reviewed A&A (Assessment and Authorization) packages to ensure they were up-to-date and that security operations adhered to NIST 800-53 standards, HIPAA, FISMA, and organizational policies and procedures. Assisted in developing, defining, and maintaining HIPAA-compliant information security policies, standards, and procedures, focusing on management, operational, and technical controls. Identified deficiencies, discrepancies, misinformation, and compliance issues within loan documentation to determine eligibility or rejection, returning non-compliant packages to teams for resolution. Ensured compliance with and enforcement of applicable laws, following relevant rules and regulations. Provided legal services to the agency, including drafting and perfecting legal documents. Managed litigation efforts by liaising with external solicitors and the Federal Ministry of Science and Technology. Oversaw contract and agreement management for both national and international engagements. Managed the agency’s litigation portfolio, ensuring efficient resolution of legal matters. Show less