*An Information Security professional with diversified experience encompassing Compliance and Risk Management Framework (RMF), Information Security and Assurance, System Development Life Cycle (SDLC), Security Control Assessment, Vulnerability and POA&M Management using different industrial standard frameworks such as OMB, FISMA, FedRAMP, HIPAA, PCI DSS, FIPS 199/200 and NIST 800 SPs (18, 30, 37rev1, 53/53Arev4). * Created and reviewed security artifacts such as System Security Plans (SSP), Contingency Plans (CP), Incident Response Plans (IRP)/Testing, and Configuration Management Plans (CMP), Privacy Impact Assessments and SOPs* Able to develop and implement Technology Controls and Information Security related policies, programs and tools.* Experience documenting technical issues identified during security assessments and recommending improvements in the existing service support tools and "standard findings"* Familiar with network and information system security principles, technologies, and test practices as well as supporting security authorization activities.•Implement step-by-step guidance for client's high risk control to assist in remediating findings. Update risk score baselines to measure remediation over time and help prioritize client's cybersecurity projects• Support client in implementing a Data Loss Protection program• Assist in ensuring that vulnerabilities identified in client's IT security POA&M database are addressed promptly by working with system owners and managers• Assist with creating strategies to achieve cyber-related objectives including due dates, critical paths, and milestones to exceed project goals• Assess the information technology systems, security regulatory risk management and security vulnerabilities; using the NIST SP 800-series and FIPS• Conduct security control assessments and control test of design and operating effectiveness to ensure adherence to customer specific security policy, procedures and industry standards

• Provided front-line support for all information security related issues, such as firewall configuration, advising on security policy compliance, handling data confidentiality issues, monitoring and responding to emerging threats, and security compliance projects (e.g. FISMA).• Reviewed results of Nessus vulnerability scans to ensure the systems are devoid of critical and high vulnerabilities• Worked with appropriate system managers and operations personnel to remediate identified vulnerabilities.• Followed up with management to confirm remediation plans are completed as scheduled• Proactive mitigation of network and operating systems vulnerabilities and recommending compensating control Supported and conducted the examination of transactions across regions linking up pockets of suspicious activity and/or intelligence to provide a consolidated view of FCC issues • Prepared Suspicious Activity Reports (SARs) and prepared for filing. • Interact with Senior Management on the Compliance, Legal and business sectors concerning AML issues. •Conducted several Security Controls Assessments (SCAs) from the planning phase through to client follow-up for several systems• Assessed design and operating effectiveness of IT Controls for severalinformation system boundaries using corresponding System Security Plans (SSP), according to the National Institute of Standards and Technology (NIST) 800-53 publications• Performed Federal Information System Management Act (FISMA) compliance audits• Identified control gaps and created Plan Of Action & Milestones (POA&Ms) reports for vulnerable systems