Proficient in managing Security Assurance projects, specializing in health plan and practice facility security. Expertise includes gap analysis, risk assessments, compliance, and risk mitigation. Skilled in C&A, Risk Management Framework, Security Control Assessment (SCA), Incident Response, Contingency and Disaster Recovery Planning, Privacy Impact Analysis, Privacy Threshold Analysis, Change Management. Proven experience in IT security compliance adhering to NIST guidelines, DFARS, CMMC, ISO 27000, SOX, FIPS 199&200, FISMA, Cloud Security, PCI-DSS, and Cybersecurity Framework. Proficient in maintenance, implementation, documentation, monitoring, and vendor coordination. Knowledgeable in quality assurance, CAPA, document control, proficiency programs, SPC, and Equipment Calibrations. Proficiency in GRC Tools such as RSA Archer, Riskvision, and Audit Board.
Western Alliance Bank
- Website: westernalliancebancorporation.com
- Employees: 3871
-
Cloud IAM, Western Alliance Bank, Dallas, TX, US
-
Software Engineer, Western Alliance Bank, Jan 2024 - Present, Phoenix, Arizona, US
- Develop solutions to security weaknesses in the Requirement Traceable Matrix and SAR, while working on POA&M remediation and Corrective Action Plan.
- Perform assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.
- Maintains and manages Security Authorization and Assessment packages that include System Security Plans, Contingency Plans, POA&Ms, SAR, and other relevant security documentations for the system.
- Performs risk assessments, develops, and recommends mitigating controls, and remains abreast of advancements that address emerging business and environmental factors impacting assurance levels.
- IT Controls Manager to improve efficiency and effectiveness of IT audit testing procedures, processes, and attributes.
- Execute day-to-day deliverables that support the ongoing compliance needs related to, PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.
- Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security Assessment Report.
- Review for accuracy Security Control Assessment documentation, including but not limited to the Security Assessment Report.
- Performing ongoing RMF/A&A/ATO projects in support of client security systems using NIST.
- Ensure compliance with data security policies and relevant legal and regulatory requirements in accordance with agency directives and applicable Risk Management Framework (RMF) requirements.
- Review Nessus and Nexpose scan reports for deficiencies and remediation of findings.
- Participates in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages.
-
Quality Engineer, Vien Health, Jan 2019 - Jan 2023
- Participated in various IT audits for clients within the financial, technology and information security industry, including development of risk and controls matrix and audit procedures, execution of testing and communication of findings to key stakeholders.
- Prepared audit plan and report detailed results of audits; provided written recommendations to clients.
- Documented audit findings and developed thorough and creative recommendations for business and process owners to mitigate identified risks.
- Documented control weaknesses and testing results relating to controls in relevant templates.
- Conduct IT audit fieldwork and walk through of controls; perform detailed testing, analysis of controls, validations, and creation of clear, accurate documentation of workflows in IT process and report of test results and exceptions.
- Prepared, executed, and reported on audit of subset of NIST SP 800-53 cybersecurity controls to include interview, document review, and testing of systems to support compliance audit activities.
- Knowledgeable on NIST Cybersecurity Framework and how the Identify, Protect, Detect, Respond, and Recover categories comprise and facilitate an information security program.
- Developed concise, tailored cybersecurity awareness content, improving targeted end-user base cyber hygiene.
- Developed Just-In-Time cybersecurity awareness content for emerging threats to reduce operational risk to tailored audiences.
- Semi-quantitatively analyzed cybersecurity risk using NIST SP 800-30 methodology to identify highest risk weaknesses for a system.
- Document observations for existing IT control processes and identified issues in assessment questionnaire during disaster recovery planning exercises.
- Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.
-
QA Engineer, CVS Health, Jan 2015 - Dec 2018, Woonsocket, RI, US
- Provide analysis and recommendations for identified security exceptions; participate in defining remediation efforts.
- Ensure all vendor relationships are documented and all contracts related to vendors that provide outsourced services are uploaded in the system.
- Perform 3rd Party Vendor Risk Assessments & assist in the reporting of vendor risk management activities.
- Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
- Contribute to the Cyber assessment metrics and GRC reporting to senior management to influence risk-based results.
- Review and validate vulnerability findings.
- Identifying weaknesses and vulnerabilities within the system and proposing counter measures.
- Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
- Assist in remediating penetration tests, application & vulnerability assessment findings.
- Perform internal risk assessment.
- Perform focused risks assessments of existing or new services and technologies.
- Work with cross-functional teams, including IT, human resources, contracts, and security to address potential compliance issues and achieve data privacy program initiatives and provide as-needed support to other programs within Ethics & Compliance.
- Execute on day-to-day deliverables that support the ongoing compliance needs related to, PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.
- Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.
Lance Morris Education Details
- University Of North Texas, Computer Science
Frequently Asked Questions about Lance Morris
What company does Lance Morris work for?
Lance Morris works for Western Alliance Bank
What is Lance Morris's role at the current company?
Lance Morris's current role is Cloud IAM.
What schools did Lance Morris attend?
Lance Morris attended University Of North Texas.
Who are Lance Morris's colleagues?
Lance Morris's colleagues are Taylor Foremaster, Domingo Padilla, Melissa Lucca, Cyndy Joseph, John Sullivan, Linda Stephens, Sally Guzman.