Mechia Cham

Mechia Cham Email and Phone Number

Information Security Professional (NIST,RMF) @ US Navy
washington, district of columbia, united states
Mechia Cham's Location
Laurel, Maryland, United States
About Mechia Cham

Seasoned Information Security Professional with extensive experience in Cyber Security, Cloud Security, and Information Technology. Skilled in supporting the Information Systems Development Security Life Cycle (SDLC) and the NIST Risk Management Framework (RMF) process. Expert in executing all six phases of the RMF, from Categorization to Continuous Monitoring. Proficient in cloud security, identity and access management, monitoring and governance, application delivery, and data protection. Experienced in developing and reviewing security documentation including SSP, SAR, SAP, CMP, CP, IRP, SCRTM, POA&M, SOPs, and other policies and procedures.

Mechia Cham's Current Company Details
US Navy

Information Security Professional (NIST,RMF)
washington, district of columbia, united states
Website:
navy.com
Employees:
200157
Mechia Cham Work Experience Details
  • Us Navy
    Us Navy
    Us Navy Sep 2022 - Present
  • Trutek Solutions Llc
    Information Security Specialist
    Trutek Solutions Llc Mar 2020 - Present
    • Ensured disaster recovery capabilities aligned with RTO and RPO requirements based on Business Impact Analyses (BIA).
    • Developed, reviewed, and maintained ATO documents for the client’s information system, such as System Security Plans, Software & Hardware Inventory, System Design Document, Control Implementation Matrix, Inheritance, and other Security Assessment and Authorization artifacts for ATO packages.
    • Provide support for Continuous Monitoring activities for Information Systems, including review of systems and applications security vulnerabilities reports from tools such as Nessus, Veracode, and STIG compliance to design and develop remediation plans.
    • Develop key security documentation (SSP, SAP, SAR, RA, ISCP, and IRP) and artifacts for systems undergoing the A&A process utilizing organizational templates.
    • Investigated and remediated security events as an active member of the incident response team.
    • Provided Assessment and Authorization (A&A) support for new systems undergoing the initial authorization to operate (ATO) process and existing systems undergoing continuous monitoring (CONMON).
    • Performed annual review and updates of security documentation and policy such as System Security Plan (SSP), Contingency Plan (CP), Incident Response (IR), Configuration Management Plan (CMP), Risk Assessment Report (RAR), SOPs, policies, and other security documents as required.
  • Curative Computers
    Security Compliance Analyst
    Curative Computers Dec 2018 - Jan 2020
     Provided analytical support for cybersecurity commitments by participating in customer risk assessments and mapping internal policies and controls to customer requirements. Collaborated with analysts from external organizations to investigate security events. Analyzed and documented adherence to security standards including SOC 2, HIPAA Security Rule, HITRUST, and NIST 800-171. Worked with various internal stakeholders to ensure software and data implementations were aligned with internal security policies and customer security requirements. Audited data access, appropriate use of software, and cybersecurity training compliance. Performed comprehensive risk assessments for new and existing applications, identifying potential security vulnerabilities and threats. Utilized Archer to assess and document the inherent risk associated with applications, ensuring a thorough understanding of potential impacts. Conducted risk assessments focused on online fraud authentication processes, identifying vulnerabilities in authentication mechanisms. Prioritized and remediated vulnerabilities based on risk severity and potential impact.
  • The Judge Group
    Security Control Assessor
    The Judge Group Sep 2017 - Nov 2018
    • Reviewed security artifacts such as System Security Plan (SSP), Contingency Plan (CP), Configuration Management Plan (CMP), Incident Response Plan (IRP), hardware/software inventories, screenshots of system configurations, policies and procedures, and Standard Operating Procedures (SOP) to support information assessment and control implementations.
    • Ensured artifacts are properly completed and accurately reflect the system.
    • Performed Security Control Assessment as part of ongoing assessment using NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented. Tested the security controls to make sure that the controls have been implemented correctly, are functioning as intended, and are producing the desired outcome.
    • Provided ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, and FedRAMP.
    • Assisted in maturing the security compliance program, including ongoing operational requirements.
    • Developed policies related to security frameworks such as ISO 27001, NIST 800-53, HIPAA/HITECH, or PCI DSS.
    • Developed, reviewed, and updated Security Assessment Plan (SAP), Security Control Test Plan, Security Control Requirement Traceability Matrix (SCRTM), and Documentation Request List (DRL) for approval prior to the start of assessment.
    • Examined organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance following NIST standard guidelines.

Mechia Cham Education Details

Frequently Asked Questions about Mechia Cham

What company does Mechia Cham work for?

Mechia Cham works for Us Navy

What is Mechia Cham's role at the current company?

Mechia Cham's current role is Information Security Professional (NIST,RMF).

What schools did Mechia Cham attend?

Mechia Cham attended International University Bamenda.

Who are Mechia Cham's colleagues?

Mechia Cham's colleagues are Christian Cruz, Samuel Gann, Jay Woodard, John Ashley, Khalid Henderson, Lia Klimesh, Emily Macmillan.
