Booz Allen Hamilton
Compliance & Risk Management Analyst
Sep. 2018 - Jul. 2021
McLean, Virginia, United States
Cyber Compliance & Risk Management
• As a lead assessor, I possess a deep understanding of the Risk Management Framework, and I am familiar with the Security Regulations and Standards of DoD and currently with CMS on the NQIIC project.
• Reviews, updates or creates and maintains Information system security documentation, including System Security Plan (SSP), Contingency Plan, Security Assessment Plan, Security Controls Matrix and Assessment, POA&M and Security Configuration Guide (controlled changes to the system) to support a system’s authority to operate (ATO).
• Leads in obtaining PIA and PTA since CMS deals with PII and PHI.
• Support A&A activities for systems to obtain an Authorization to Operate (ATO) and track FISMA compliance information.
• Provides cybersecurity and IT consulting services to DoD, VA, and currently HHA clients, assisting stakeholders with package validation through the Risk Management Framework (RMF) process.
• Examines, tests, and interviews system owners to validate compliance with the National Institute of Standards and Technology (NIST) controls, including NIST SP 800-53.
• Writes and edits RMF control family templates, implementation plans, and plans of action and milestones (POA&M) to assess security controls and obtain ATO.
• Manages and maintains the health of Vulnerability Assessment/Security Posture infrastructure manager/clients.
• Gathers data and research through the deployment and implementation of DoD Cybersecurity tools such as eMASS.