Jonathan Lee Email & Phone Number

Tysons, Virginia, US

Advanced GRC

Mclean, VA, US

• Led cybersecurity risk management initiatives, overseeing risk assessments and mitigation strategies for a portfolio of 200+ applications. Managed cross-functional teams to ensure compliance with federal regulations.
• Achieved 100% regulatory compliance by leading eight workstreams, coordinating teams, and delivering timely updates to executive leadership on program status and risks.
• Improved overall cybersecurity posture by spearheading enterprise-wide logging initiatives, aligning processes with NIST standards to enhance security measures across the organization.
• Reduced risk management processing time by utilizing the Unified Tech Exception Program (UTEP), streamlining risk assessment and mitigation procedures for business applications.
• Increased operational efficiency by developing and standardizing program management playbooks, creating clear documentation that unified cybersecurity practices across teams.
• Ensured high-quality program execution by managing and maintaining a comprehensive Tableau dashboard, quickly addressing data quality issues and successfully delivering over 35 programs on schedule.

Basking Ridge, NJ, US

• Conducted risk assessments and developed cybersecurity governance policies. Collaborated with IT, legal, compliance, and business teams to implement effective risk mitigation strategies and ensure compliance with.
• Reduced cyber risks by conducting 100+ risk assessments and audits, identifying vulnerabilities, and implementing mitigation strategies for internal projects and third-party vendors.
• Strengthened cybersecurity governance by developing and implementing policies and procedures, aligning them with Verizon’s objectives, and fostering a culture of continuous improvement.
• Improved vendor security compliance by evaluating third-party vendors, identifying security gaps, and proposing mitigation strategies, resulting in enhanced alignment with corporate security standards.
• Increased operational effectiveness by overseeing the development of key performance indicators (KPIs) to measure governance initiatives, driving continuous improvement in cybersecurity practices.
• Ensured compliance with industry standards by conducting security reviews, addressing policy violations, and collaborating with IT teams to implement necessary security measures.

Worldwide, OO

• Delivered cybersecurity consulting services for federal clients, including the Office of the Comptroller of the Currency (OCC) and Internal Revenue Service (IRS). Led teams in risk management and security control.
• Secured full system accreditation by utilizing the Risk Management Framework (RMF) to complete Security Assessment and Authorization (SA&A) processes, ensuring low vulnerability counts for the IRS and OCC.
• Enhanced application resiliency by conducting tabletop exercises for disaster recovery and incident response, validating the effectiveness of contingency plans under various scenarios.
• Improved security control implementation by developing a Security Controls Traceability Matrix (SCTM), identifying gaps, and assigning responsibilities for control completion.
• Reduced critical vulnerabilities by engaging stakeholders, providing best practices for remediation, and producing detailed documentation to support security control improvements.
• Achieved compliance with federal standards by producing essential security documentation, including System Security Plans (SSP), Information System Contingency Plans (ISCP), and Incident Response Plans (IRP).

Alexandria, VA, US

• Provided consulting services for the Small Business Administration (SBA) and National Labor Relations Board (NLRB), collaborating with ISSOs to prepare ATO packages and ensure compliance with NIST 800-53 controls.
• Delivered fully authorized information systems with low audit findings and vulnerabilities by preparing comprehensive ATO packages and conducting thorough assessments for the SBA and NLRB.
• Enhanced compliance with federal standards by supporting annual Assessment and Authorization (A&A) processes using NIST 800-53 Rev. 4 controls and generating critical system documentation.
• Ensured effective risk management by developing a security requirement matrix and utilizing the Cyber Security Assessment and Management (CSAM) tool to document evidence for A&A.
• Strengthened incident response capabilities by conducting annual tabletop exercises for Incident Response and Contingency Plans, identifying gaps, and refining procedures based on lessons learned.
• Facilitated effective vulnerability management by generating Plans of Action and Milestones (POA&M) using Compliance Assessment Solutions (ACAS) like Nessus, ensuring timely remediation of identified vulnerabilities.

Bachelor'S Degree, Industrial And Systems Engineering

High School Diploma, Academy Of Science (Aos)

High School Diploma