Advanced GRC

Led cybersecurity risk management initiatives, overseeing risk assessments and mitigation strategies for a portfolio of 200+ applications. Managed cross-functional teams to ensure compliance with federal regulations and corporate standards. Contributed to business growth by acquiring new client trust through robust cybersecurity frameworks, increasing market competitiveness and retention.● Achieved 100% regulatory compliance by leading eight workstreams, coordinating teams, and delivering timely updates to executive leadership on program status and risks.● Improved overall cybersecurity posture by spearheading enterprise-wide logging initiatives, aligning processes with NIST standards to enhance security measures across the organization.● Reduced risk management processing time by utilizing the Unified Tech Exception Program (UTEP), streamlining risk assessment and mitigation procedures for business applications.● Increased operational efficiency by developing and standardizing program management playbooks, creating clear documentation that unified cybersecurity practices across teams.● Ensured high-quality program execution by managing and maintaining a comprehensive Tableau dashboard, quickly addressing data quality issues and successfully delivering over 35 programs on schedule.● Enhanced compliance and stakeholder engagement by ensuring the timely completion of federally mandated tasks and collaborating effectively with various departments to meet enterprise-wide logging requirements.

Conducted risk assessments and developed cybersecurity governance policies. Collaborated with IT, legal, compliance, and business teams to implement effective risk mitigation strategies and ensure compliance with corporate and industry standards. Strengthened client relationships by implementing effective cybersecurity measures that aligned with corporate business objectives● Reduced cyber risks by conducting 100+ risk assessments and audits, identifying vulnerabilities, and implementing mitigation strategies for internal projects and third-party vendors.● Strengthened cybersecurity governance by developing and implementing policies and procedures, aligning them with Verizon’s objectives, and fostering a culture of continuous improvement.● Improved vendor security compliance by evaluating third-party vendors, identifying security gaps, and proposing mitigation strategies, resulting in enhanced alignment with corporate security standards.● Increased operational effectiveness by overseeing the development of key performance indicators (KPIs) to measure governance initiatives, driving continuous improvement in cybersecurity practices.● Ensured compliance with industry standards by conducting security reviews, addressing policy violations, and collaborating with IT teams to implement necessary security measures.● Enhanced organizational security culture by delivering cybersecurity awareness training and ensuring vendor compliance, reinforcing a proactive security mindset across the company

Delivered cybersecurity consulting services for federal clients, including the Office of the Comptroller of the Currency (OCC) and Internal Revenue Service (IRS). Led teams in risk management and security control assessments, developed security documentation, and conducted exercises to ensure application resiliency.● Secured full system accreditation by utilizing the Risk Management Framework (RMF) to complete Security Assessment and Authorization (SA&A) processes, ensuring low vulnerability counts for the IRS and OCC.● Enhanced application resiliency by conducting tabletop exercises for disaster recovery and incident response, validating the effectiveness of contingency plans under various scenarios.● Improved security control implementation by developing a Security Controls Traceability Matrix (SCTM), identifying gaps, and assigning responsibilities for control completion.● Reduced critical vulnerabilities by engaging stakeholders, providing best practices for remediation, and producing detailed documentation to support security control improvements.● Achieved compliance with federal standards by producing essential security documentation, including System Security Plans (SSP), Information System Contingency Plans (ISCP), and Incident Response Plans (IRP).● Strengthened risk management practices by managing a team overseeing three major applications, addressing security vulnerabilities, and implementing mitigation efforts across the e-Discovery department.

Provided consulting services for the Small Business Administration (SBA) and National Labor Relations Board (NLRB), collaborating with ISSOs to prepare ATO packages and ensure compliance with NIST 800-53 controls.● Delivered fully authorized information systems with low audit findings and vulnerabilities by preparing comprehensive ATO packages and conducting thorough assessments for the SBA and NLRB.● Enhanced compliance with federal standards by supporting annual Assessment and Authorization (A&A) processes using NIST 800-53 Rev. 4 controls and generating critical system documentation.● Ensured effective risk management by developing a security requirement matrix and utilizing the Cyber Security Assessment and Management (CSAM) tool to document evidence for A&A.● Strengthened incident response capabilities by conducting annual tabletop exercises for Incident Response and Contingency Plans, identifying gaps, and refining procedures based on lessons learned.● Facilitated effective vulnerability management by generating Plans of Action and Milestones (POA&M) using Compliance Assessment Solutions (ACAS) like Nessus, ensuring timely remediation of identified vulnerabilities.