• Coordinated FedRAMP readiness assessment to include security controls gap analysis on exiting compliance certifications such as ISO 27001 and SOC2. • Tailored existing policy documents from previous audits to FedRAMP requirements.• Reviewed vulnerability scans results to identify/analyze threats and weaknesses on the systems, then proffering remediation action through tickets and POA&Ms.• Coordinated security controls assessment process by participating in kickoff meetings, reviews of SAP, and ensuring the necessary artifacts are in place for the SCA team to test controls for effectiveness.• Authored and maintained A&A documents such as the SSP, POA&M, SAR, SRTM, IRP, CMP, and CP.• Managed continuous monitoring activities to include system status reports, system significant change, A&A documents review/update, periodic security control assessments, audit logs reviews, and vulnerability management.• Maintain Body of Evidence (BOE) artifact, policies, and procedures as well as A&A documents• Tailor baseline security controls by separating the controls into common, system-specific, and hybrid control as well as applying control inheritance, enhancement, and compensating controls as needed.

• Performed Security Control Assessment as part of ongoing assessment using NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented. Testing the security controls to make sure that the controls have been implemented correctly, functioning as intended, and producing the desired outcome.• Developed, reviewed, and updated Security Assessment Plan (SAP), Security Control Test Plan, Security Control Requirement Traceability Matrix (SCRTM), and Documentation Request List (DRL) for approval prior to the start of the assessment.• Reviewed security artifacts such as System Security Plan (SSP), Contingency Plan (CP), Configuration Management Plan (CMP), Incidence Response Plan (IRP), Hardware/Software inventories, screenshots of systems configurations, policies and procedures, Standard Operation Procedures (SOP) to support information assessment and control implementations.• Developed and regenerated security documentation at the conclusion of assessments such as SSP, SAR, PAO&M, and ATO Letters. Update SSP to reflect the current control implementation status.• Developed risk assessment reports by identifying threats and vulnerabilities applicable to the system.

● Liaised with the assessment team in developing the Security Assessment Plan using the NIST 800 53A as a guide to outlining the assessment objectives, scope, test procedures, and schedule. ● Conducted Security Control Assessment in accordance with NIST SP 800-53A to test the technical, management, and operational controls effectiveness for multiple major applications and General Support Systems (GSS).● Developed Security Assessment Reports (SAR) detailing the results of the assessment carried out and documented the corresponding plan of action and milestone (POA&M) to ensure remediation actions and timely mitigation of the findings.

•Gathered user and business requirements by engaging clients, user group representatives, and stakeholders using JAD sessions, and converting them into functional specification documents (FRD).•Created workflows, use case diagrams, and activity diagrams from functional requirements using MS Visio, Word and wireframe.•Developed Requirement Traceability Matrix (RTM) for maintaining/updating current and new system requirements using MS Excel•Served as a liaison between system owners and other software development stakeholders such as system architects, software engineers, Quality Assurance and Testers to ensure that system requirement is effectively communicated.•Employed knowledge of the software development life cycle (SDLC) in designing test cases as well as conducting user acceptance testing to ensure that all identified bugs are communicated to the system engineers for remediation.

•Collaborated with the IT department in the planning and implementation call center solutions.•Performed diagnostics and analysis of system issues and promptly deliver known solutions to identified issues.•Provided support to application end users, by troubleshooting issues via phone and email, while documenting unresolved issue as tickets escalated to back-office support. •Managed and analyzed websites and social media traffic to collect useful data necessary to enhance user experience as well as providing end-user support.