Mechia Cham Email & Phone Number

• Ensured disaster recovery capabilities aligned with RTO and RPO requirements based on Business Impact Analyses (BIA).
• Developed, reviewed, and maintained ATO documents for client’s information system to such as, System Security Plans, Software & Hardware Inventory, System Design Document, Control Implementation Matrix, Inheritance.
• Provide support for Continuous Monitoring activities for Information Systems, including review of systems and applications security vulnerabilities reports from tools such as Nessus, Veracode, and STIG compliance to.
• Develop key security Documentations (SSP, SAP, SAR, RA, ISCP, and IRP) and Artifacts for systems undergoing the A&A process utilizing organizational templates.
• Investigated and remediated security events as an active member of the incident response team.
• Provided Assessment and Authorization (A&A) support for new systems undergoing initial authorization to operate (ATO) process and existing systems undergoing continuous monitoring (CONMON).

• Ensured disaster recovery capabilities aligned with RTO and RPO requirements based on Business Impact Analyses (BIA).
• Developed, reviewed, and maintained ATO documents for client’s information system to such as, System Security Plans, Software & Hardware Inventory, System Design Document, Control Implementation Matrix, Inheritance.
• Provide support for Continuous Monitoring activities for Information Systems, including review of systems and applications security vulnerabilities reports from tools such as Nessus, Veracode, and STIG compliance to.
• Develop key security Documentations (SSP, SAP, SAR, RA, ISCP, and IRP) and Artifacts for systems undergoing the A&A process utilizing organizational templates.
• Investigated and remediated security events as an active member of the incident response team.
• Provided Assessment and Authorization (A&A) support for new systems undergoing initial authorization to operate (ATO) process and existing systems undergoing continuous monitoring (CONMON).

 Provided analytical support for cybersecurity commitments by participating in customer risk assessments and mapping internal policies and controls to customer requirements. Collaborated with analysts from external organizations to investigate security events. Analyzed and documented adherence to security standards including SOC 2, HIPAA Security Rule.

• Reviewed security artifacts such as System Security Plan (SSP), Contingency Plan (CP), Configuration Management Plan (CMP), Incidence Response Plan (IRP), Hardware/Software inventories, screenshots of systems.
• Ensured artifacts are properly completed, accurately reflect the system.
• Performed Security Control Assessment as part of ongoing assessment using NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented. Testing the security.
• Provided ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, and FEDRAMP.
• Assisted in maturing the security compliance program, including ongoing operational requirements
• Developed policies related to security frameworks such as ISO 27001, NIST 800-53, HIPAA/HITECH, or PCI DSS.