Information Assurance Analyst
Current•Performs internal and external IT risk assessments using applicable Risk Matrix templates, Risk Assessment Matrix, Risk Control Self –Assessment and Risk Management life cycle and provided recommendations on mitigation options.•Executes preparation for Cybersecurity Maturity Model Certification (CMMC) assessments by evaluating information technology environments against CMMC, NIST 800-171 and NIST 800-53 standards, and other associated regulations.•Ensures systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package.•Provides security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis current threats to information security and systems.•Helps in managing temporary ATO’s due to unforeseen contingencies realized during Assessments leading to the creation of open POA&M's/corrective actions to track and remediate critical and high vulnerabilities before a 3-year ATO can be granted.•Develops and updates security authorization packages in accordance with client’s requirements and compliant with FISMA. Core documents that I am responsible for are the System Security Plan (SSP), Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan (IRP), Standard Operating Procedures (SOP), Plan of Actions and Milestones (POA&M), Remediation Plans, Configuration Management Plan (CMP), etc.