Current tasking includes monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. Responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks in meeting NIST guidelines and CMMC efforts. Tasking includes, but is not limited to, the following:- Analyzing management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.- Mapping requirements and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiencies.- Tracking enterprise compliance across multiple security frameworks including NIST and FISMA and maintaining up-to-date records of requirements and corresponding mitigating controls.- Monitoring third-party risk assessments and assist in performing internal risk assessments.- Collaborating on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.- Supporting development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.

As a member of the security administrators and security analysts team, tasking revolved around compliance based on NIST 800-53 security posturing while ensuring the security triad of confidentiality, integrity, and availability (CIA) for assets. Related tasking included the development, auditing, and maintenance of information system security plans (SSPs), conducting risk assessments, and recommending possible mitigating actions for risks/findings identified by vulnerability scanners, penetration testing, and/or audits. Related tasking included the development of risk-based decisions (RBDs) and Plan of Action and Milestones (POA&Ms). Additional tasking included system engineering efforts in designing and deploying architectural configurations which supported enterprise-based patching efforts, single sign-on, and modifying legacy systems and software. As a lead security analyst, tasking included the certification and accreditation activities for all security plans efforts, managing and resolving agency-based scanning results, mitigation of detected compromised hosts, and ensuring compliance to government mandates. As a member of the infrastructure team tasking included hardware and software support in a heterogeneous environment which included network, system and security administration duties.