Recognized for unique knowledge as a technical expert in the cyber security GRC domains and the application of that knowledge at the organizational or program levelContinually monitors against authorized security control requirements and reports system risks and application configurations or vulnerabilities.Conducts system, network, or software vulnerability audits, assessments and penetration testing in accordance with established processes and procedures.Conducts information system risk assessments and supports compliance documentation and system accreditation requirements.

• Analyzed and updated System Security Plan (SSP), Risk Assessment Reports (RAR), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M) as it related to Frameworks such as FISMA, FedRAMP• Reviewed POA&Ms and enforced timely remediation of audit issues.• Ensured proper system categorization using NIST 800-60 and FIPS 199.• Conducted security assessments by reviewing System Security Plans (SSP) to create Kick-Off Presentation Slides, Security Assessment Plans (SAP), and Security Control Assessment (SCA) matrices.• Assessed security controls per assessment procedures defined in the security assessment plan (SAP) through examination, interviews, and testing.