Jada P. Email and Phone Number

Achievements:Developed internal audit program for global customer who adopted ISO 27001 and NIST 800-53 Implemented Risk Management Program for customer that adopted NIST RMF for organizationProvided security advisement to Customers in Healthcare, Ecommerce, and technology industriesUtilized Qualys vulnerability scanner to scan customer's environment for vulnerabilities and provided recommendations to remediating vulnerabilities. Assessed global customer's environment against SOC 2 Type 2 control requirements.Provided security awareness training and consulting on important topics to global customers needing to better inform their workforce.

Achievements: Worked on national team to conduct risk assessment of the user on MFA for privileged and non privileged users. Lead national team in the development of Security Champions Program in order to train users on security best practices.Conducted risk assessments on use of TikTok and WeChat on Company owned devices and provided recommendations that effected national users.Reviewed company's procurement process and conduct gap analysis against NIST guidelines for supply chain risk. Reported findings to leadership with recommendations. Developed formal procurement process to include information security best practices for adoption across national team.

Achievement:Provided security direction for new cloud environment to meet compliance requirements to DOD STIGS, NIST 800-53, and CIS.Provided security direction on the implementation of a secure CI/CD pipeline,Performed control audit on cloud infrastructure and resources for compliance to NIST 800-53 controls Utilized Terraform to build cloud resources for the purpose of showing leadership example of how to adhere to compliance to NIST 800-53. Assisted with the development of the system security plan for cloud environment

Achievements:Conducted reviews of baseline configuration packages to include DISA STIGS, vulnerability reports, artifact applicability, and PO&AM reviews to validate that changes maintain alignment with approved ATO and did not exceed the risk threshold.Assisted in the development and review of security policy and procedures for adoption across the site and/or applicability to NIST 800-53Participated in and observed control audits for internal and external control assessments in accordance with NIST 800-53a and NIST 800-37. Provided recommendations on boundaries alignment with required security controls. Developed and reviewed SAR documentation for interpreting results to senior leadership.Developed and presented cyber security awareness training to technical and nontechnical audiences.Participated in procurement meetings in order to review/determine any security risks involved and provided recommendations to ISSM.Conducted RFP/RFP for new GRC tool and presented results, along with recommendation to senior officialsConducted and reviewed risk assessments for configuration change requests, procurement requests, and vulnerability findings and developed report to present findings to senior leadership.Lead the development of the eDiscovery program to create defensible workflows between Legal and IT.

Achievements:Conducted reviews of baseline configuration packages to include DISA STIGS, vulnerability reports, artifact applicability, and PO&AM reviews to validate that changes maintain alignment with approved ATO and did not exceed the risk threshold.Assisted in the development and review of security policy and procedures for adoption across the site and/or applicability to NIST 800-53Participated in and observed control audits for internal and external control assessments in accordance with NIST 800-53a and NIST 800-37. Provided recommendations on boundaries alignment with required security controls. Developed and reviewed SAR documentation for interpreting results to senior leadership.Developed and presented cyber security awareness training to technical and nontechnical audiences.Participated in procurement meetings in order to review/determine any security risks involved and provided recommendations to ISSM.Conducted RFP/RFP for new GRC tool and presented results, along with recommendation to senior officialsConducted and reviewed risk assessments for configuration change requests, procurement requests, and vulnerability findings and developed report to present findings to senior leadership.Lead the development of the eDiscovery program to create defensible workflows between Legal and IT.

Developed Defensible background check procedure that aligned with DCSA requirements and NIST 800-53 for properly assessing a candidates suitability for security clearance.Discussed candidate suitability concerns with leadership and provided recommendations for additional follow up.Conducted face to face interviews with the subject, their neighbors, employers, friends, and familyConducted data analysis and collected additional data if gaps are noticed or if new events are developed during interviews. Ensured reports were classified appropriatelyReport all findings in a clear and concise report and submit for review to determine candidate suitability

Conduct Asset Inventory of all IT equipment within office by locating devices, logging conduction of asset, labeled asset based on data classification level, verified asset Tag ID, and ensured antivirus software updated where applicable.Conducted evidence inventory within evidence locker by locating evidence, verifying evidence matches it tag, validated chain of custody, and ensured proper classification label attached to evidence.Conducted file inventory of all classified and non classified field within filesystem by ensuring files were located in correct file safe, ensuring documents were labeled correctly based on data found within, validated chain of custody was accurate for files, and followed file disposal procedure for applicable files.Utilized an internal classified database to input classified information regarding high profile counterfeit cases.Assisted in the development of Asset inventory procedures for IT equipment and evidence that aligned with internal security policies and NIST 800-53.