Sheila F

Sheila F Email and Phone Number

Information System Security Assessor || Cyber Security Analyst || Risk Management Framework (RMF) Assessor || Compliance || Third Party Manager @ Skytech Consulting
Sheila F's Location
Austin, Texas, United States
About Sheila F

An IT Security Assessor with immense years of combined experience in Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as Third Party Vendor Risk Assessment. Thorough understanding of NIST 800-53 Rev 4 and 5 security controls. Audit projects including Security Audit, RMF, PCI DSS and HIPAA. Knowledge of the process to obtain a system ATO and requirements to maintain the ATO. An IT professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, as well as risk assessment. Understanding of information technology concepts, cloud computing models (PaaS, SaaS, IaaS).

Sheila F's Current Company Details
Skytech Consulting

Information System Security Assessor || Cyber Security Analyst || Risk Management Framework (RMF) Assessor || Compliance || Third Party Manager
Sheila F Work Experience Details
  • Skytech Consulting
    Information System Security Officer
    Skytech Consulting Apr 2018 - Present
    Za
     Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary. Perform vulnerability/risk assessment analyses to support A&A activities. Develop solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP). Perform assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess. Maintains and manages Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system. Performs risk assessments, develops and recommends mitigating controls, and remains abreast of advancements that address emerging business and environmental factors impacting assurance levels. Analyzes and updates System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E). Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems. Ensuring all supporting artifacts and results will be documented appropriately and in a timely manner. Adhering to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing and implementing security controls, testing and validating security controls, and analyzing and tracking corrective action plans. Performing ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide.
  • Cybermedia Technologies, Llc (Ctec)
    Soc Analyst
    Cybermedia Technologies, Llc (Ctec) Mar 2016 - Aug 2018
    Reston, Virginia, Us
    • Ensured uninterrupted 24/7/365 real-time surveillance of security tools, dashboards, and email notifications, aiming for zero downtime in monitoring.
    • Maintained constant vigilance over security defenses and functionalities for clients, focusing on proactive threat mitigation.
    • Swiftly provided initial analysis, containment, and escalation in significant incidents, aiming for minimal response time and maximum incident control. Conducted Security Test and Evaluation (ST&E) assessment and populated Requirement Traceability Matrix (RTM) based on NIST SP 800-53A.
    • Reviewed the provisional impact levels (NIST-recommended) for appropriateness based on the organization's mission and considered whether the NIST-recommended impact level is appropriate for the System or whether the impact level should be modified to a lower or higher level and then provided the rationale for the adjustment.
    • Efficiently differentiated and eliminated false positive alerts to maintain system integrity and focus on genuine threats.
    • Skillfully processed Malicious/Phishing Email alerts from IronPort and FireEye, adhering to standard procedures and aiming for quick resolution.
    • IT General Controls, (PCI DSS) Payment Card Industry, Data Privacy, HIPAA, and other compliance requirements, as appropriate
    • Utilized Splunk Enterprise Security (ES) for comprehensive monitoring and analysis of network traffic, IDS, and security event logs, focusing on detailed threat assessment.
    • Employed Cisco Sourcefire for diligent network traffic monitoring, ensuring all malicious traffic is identified and blocked effectively.
    • Conducted incident response with a focus on quick identification and resolution of computer security incidents.
    • Ensured precise incident data collection, quality control, and validation through ticketing systems, aiming for accuracy in incident reporting.
    • Analyzed and correlated data from various sources for effective escalation or validation, enhancing incident resolution.
  • Cybermedia Technologies, Llc (Ctec)
    Third Party Vendor Risk Manager
    Cybermedia Technologies, Llc (Ctec) Jan 2014 - Mar 2016
    Reston, Virginia, Us
    • Participated in various IT audits for clients within the financial, technology and information security industry, including development of risk and controls matrix and audit procedures, execution of testing and communication of findings to key stakeholders.
    • Provide analysis and recommendations for identified security exceptions; participate in defining remediation efforts.
    • Ensure all vendor relationships are documented and all contracts related to vendors that provide outsourced services are uploaded in the system.
    • Perform 3rd Party Vendor Risk Assessments & assist in the reporting of vendor risk management activities.
    • Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks and assessing the residual risk.
    • Contribute to the Cyber assessment metrics and GRC reporting to senior management to influence risk-based results.
    • Review and validate vulnerability findings.
    • Identifying weaknesses and vulnerabilities within the system and proposing counter measures.
    • Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
    • Assist in remediating penetration tests, application & vulnerability assessment findings.
    • Perform internal risk assessment.
    • Perform focused risks assessments of existing or new services and technologies.
    • Work with cross-functional teams, including IT, human resources, contracts, and security to address potential compliance issues and achieve data privacy program initiatives and provide as-needed support to other programs within Ethics & Compliance.

Sheila F Education Details

  • Southern New Hampshire University
    Southern New Hampshire University
    General
  • Fitchburg State University
    Fitchburg State University
    General

Frequently Asked Questions about Sheila F

What company does Sheila F work for?

Sheila F works for Skytech Consulting.

What is Sheila F's role at the current company?

Sheila F's current role is Information System Security Assessor || Cyber Security Analyst || Risk Management Framework (RMF) Assessor || Compliance || Third Party Manager.

What schools did Sheila F attend?

Sheila F attended Southern New Hampshire University, Fitchburg State University.
