Generative AI System: Empower AI Management Information System (MIS). DevSecOps System: Civil Copado System (CCS) • Implemented AI driven framework (NIST 1.0 AI RMF) to optimize compliance for Empower AI Management Information System, ensuring adherence to NIST standards. • Spearheaded the integration of AI governance principles into cloud security practices, enhancing transparency and accountability. • Developed ethical AI usage policies and SOP to mitigate risks associated with bias. • Conducted risk assessments, ensuring compliance with federal regulations and alignment with organizational goals. • Ensures plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

DOJ Civil Division FedRAMP-authorized Systems: Civil Salesforce Government Cloud Plus (CIV-SGCP), Melissa Address Validation Service (MAVIS), IBM Smart Cloud for Government (IBM-SCG), Victim Compensation Fund Infrastructure and Management System (VCFIS/MS).• Reviewed the CRM/CIS from FedRAMP Package and tailored all applicable, externally applicable and Externally inherited controls.• Identify Controls that are system specific, hybrid, and external. Developed control questionnaires to clarify requirements. • Worked on Cloud control implementation and created Assessment Motive for FY24 ATO.• Draft and created IRP. ISCP for Government Salesforce cloud package using the CSP provided documents.• Created Accounts Management Plan, Audit Records SOP, Configuration Management plan, and DOJ Civil Division approved privileged user matrix.JCON Systems: CIV-Wi-Fi Local Area Network (WLAN), CIV-Everlaw SaaS eDiscovery Solution (CIV-EES) Cloud-Based platform, and Case Information Management System (CIMS)• Worked on FedRAMP Package (CIV-Everlaw) System to achieve ATO.• Worked with System Owner to Categorize the System based on the CIA and Privacy of the System, and drafted Categorization Document.• Generated System Security Plan showing that CIV-Everlaw inherits some controls (hybrid or fully) from Justice Management Division (JMD) GovCloud ATO, and the Controls that CIV-EES handles. • Conducted assessment which includes interviews, collection and reviews of evidence that supports assessed controls, reviews of documentation, reviews of systems scan etc. • Migrated Systems from Rev4 to NIST SP 800-53 Rev-5 and assessed FY23 and ongoing FY24 Q1 Core Controls.• Vulnerability report, FedRAMP Vuln. Review, System Audit logs, reviews, and updates.• Drafted ISCP Plan, participated in the ISCP Training, Test Plan, Functional Exercise Real-World After-Action Report, and developed the Business Impact Analysis for Civil Division Systems