• Conduct IT risk assessment to identify system threats, vulnerabilities, and risk, and generate reports.• Maintain, review and update information security system documentations, including System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), policies and procedures, security control baselines in accordance with NIST guideline and security practices.• Apply appropriate information security controls for Federal Information System based on NIST 800-37 Rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4. • Assess security controls and develop Security Assessment Reports (SAR). • Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) according to the A&A project plan. • Facilitate Security Control Assessment (SCA) and Continuous Monitoring Activities.• Review authorization documentation for completeness and accuracy for compliance. • Execute examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4. • Ensure cyber security policies are adhered to and that required controls are implemented. • Validate information system security plans to ensure NIST control requirements are met. • Assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements. • Review security logs to ensure compliance with policies and procedures and identifies potential anomalies. • Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M. • Collect Operation and Maintenance artifacts on an ongoing basis so that SCA is seamless. • Upload supporting documentations into the SharePoint, Google Docs, and eMASS/CSAM. • Manage vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network.

• Ensured proper system categorization using NIST 800-60 and FIPS 199; implemented appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200. • Conducted security assessment interviews to determine the Security posture of the System and to Perform Kick- Off Meetings via MS Teams in Outlook.• Applied appropriate information security control for Federal Information system based on NIST 800-37 Rev1. • Facilitated Security Control Assessment (SCA) and monitor activities. • Developed a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization. • Reviewing, maintaining, and ensuring all Assessment and Authorization (A&A) documentation is included in the system security package. • Performed information security risk assessments and assist with the internal auditing of information security processes. • Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements. • Worked with system owners to develop, test, and train on contingency plans and incident response plans. • Tested, assessed, and documented security control effectiveness. • Collected evidence, interviewed personnel, and examined records to evaluate effectiveness of controls. • Reviewed and updated remediation on Plan of Action and Milestones (POA&Ms), in organization’s eMASS.• Worked with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M. • Scheduled and facilitated weekly virtual meetings using MS Team and Zoom.

Supervised the development and implementation of process improvements for Audit and Plan of Action & Milestones (POA&Ms) service areaCreated a positive environment while facilitating communication between management and employees and helping resolve any conflicts or disputes within the office Worked with senior management in business decisions, and provided insight to day-to-day operations in order to make the best choices for the organization Coordinated and facilitates projects in the POA&M service area, including the definition of scope, management of milestones, and relationship managementDeveloped all departments-level reports, regarding status of service area, which increased awareness and compliance by 75%Communicated with customers, handling concerns as they arise, utilizing excellent interpersonal skills to resolve any conflicts to the satisfaction of everyoneProduced and provided statistical reporting on department health to executive leadership Created and implemented strategies to increase employee performance, resulting in an increase of efficiency and efficacy for five consecutive yearsEdited and reviewed team member reports before submissionUtilized excellent communication skills and Conflict Resolution techniques resolves team conflictGenerated solid relationships with clients, assisting with inquires, and driving the development of strong company loyaltyFiled documents, reports, and maintains records, ensuring state, local, and organizational compliance