Washington DC-Baltimore Area
Cybersecurity & GRC professional specializing in CMMC readiness, compliance strategy, and cyber risk management for organizations handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Experienced in helping organizations assess current security maturity, identify compliance gaps, and build practical roadmaps aligned with NIST SP 800-171 and NIST SP 800-172 requirements.
I work closely with leadership teams, IT, security operations, and government contractors to simplify complex compliance requirements and translate them into actionable security programs that strengthen both regulatory posture and operational resilience.
Core areas of expertise include:
• CMMC 2.0 Readiness Assessments & Gap Analysis
• NIST SP 800-171 / 800-172 Implementation
• Governance, Risk & Compliance (GRC)
• Cybersecurity Program Development
• Incident Response & Continuous Monitoring
• Third-Party & Supply Chain Risk Management
• Security Controls & Policy Development
• Audit Readiness & Compliance Reporting
• Security Awareness & Training Programs
I have experience guiding organizations through certification preparation across multiple CMMC maturity levels, including support for self-assessments, third-party assessments, and government-led compliance reviews. I also help prime contractors strengthen subcontractor oversight and establish sustainable compliance processes that support long-term federal contracting requirements.
Passionate about building security-first cultures, improving cyber resilience, and helping organizations navigate evolving regulatory and compliance landscapes with confidence.
• Led comprehensive IT audits for 50+ enterprise systems, identifying $2.5M in compliance risks and implementing remediation plans that reduced vulnerabilities by 40% within 6 months.
• Developed and executed enterprise-wide risk management frameworks, aligning with NIST, ISO 27001, and SOX standards to mitigate cyber threats and ensure 100% audit readiness.
• Conducted risk assessments on cloud migrations and third-party vendors, uncovering 150+ control gaps and negotiating SLAs that improved data security posture by 35%.
• Managed a team of 8 IT auditors, delivering 25+ annual audits on time and under budget, resulting in zero major findings across Fortune 500 financial reporting cycles.
• Designed GRC (Governance, Risk, and Compliance) dashboards using tools like RSA Archer, providing real-time insights that cut incident response times by 50%.
• Performed penetration testing and forensic investigations for high-profile incidents, recovering $1.2M in potential losses and strengthening incident response protocols.
• Collaborated with C-suite executives to integrate IT risk into business strategy, launching training programs that boosted organizational risk awareness by 60% via pre/post assessments.
• Identified project risks using techniques such as brainstorming, interviews, and SWOT analysis.
• Performed both qualitative and quantitative risk analysis, ensuring thorough evaluation of potential risks.
• Gathered data through interviews with client personnel to assess risk and compliance status.
• Drafted detailed audit reports outlining compliance status, areas for improvement, and actionable recommendations.
• Applied NIST 800-30 standards to identify and document IT-related risks.
• Assigned risk ownership, tracked mitigation efforts, and followed up to ensure successful resolution.
• Reviewed and updated risk impact and probability as part of ongoing risk management.
• Collaborated with the cybersecurity team to ensure compliance with NIST 800-171, 800-53, and other cybersecurity frameworks.
• Provided strategic recommendations and implemented security measures to enhance organizational security posture.
• Managed project activities within budget and schedule constraints, ensuring scope validation and acceptance of deliverables. Contributed to project document updates, incorporating lessons learned and best practices.
• Managed project activities within budget and schedule, validating scope and ensuring acceptance of deliverables. Contributed to updating project documents, incorporating lessons learned and best practices. Played a role in Project Charter preparation and stakeholder identification.
• Led the development of project management plans using existing organizational assets and expert judgments. Collected requirements, defined and sequenced activities, and managed project teams during execution. Maintained effective communication and reporting to stakeholders and management.
• Took a leadership role in requirements analysis, validation, and verification, and documented processes using standard tools and methodologies. Oversaw the development, maintenance, and implementation of quality program policies (CMMI and ISO).
• Worked with senior management to prioritize remediation efforts based on audit findings.
• Documented and reported cybersecurity controls in compliance with organizational standards.
• Worked directly with clients to assess their cybersecurity needs and provided solutions.
• Managed Azure administrators, overseeing provisioning, configuration, and optimization of cloud resources on Microsoft Azure. Demonstrated hands-on expertise in Azure IaaS services and strong knowledge of Azure PaaS.
• Applied extensive experience to create and configure Azure Virtual Machines, storage, and virtual networks. Deployed availability sets, zones, and load balancers for improved Virtual Machine performance.
• Defined subnet classifications, configured Custom DNS on Virtual Network, and showcased deep understanding of networking components, including Virtual Network blade options.
• Demonstrated competence in site-to-site connectivity through VPN and ExpressRoute. Worked on peering and User-Defined Routes (UDR) for hub-spoke network modules.
• Oversaw the design and implementation of Azure-based solutions, ensuring alignment with business objectives and best practices. Collaborated with stakeholders to define cloud service requirements and formulate scalable and cost-effective cloud strategies. Ensured compliance with Azure security policies, implemented Azure Operation practices for streamlined development and deployment processes, resulting in accelerated time-to-market. Provided valuable mentorship to Azure administrators, fostering professional development and enhancing team capabilities.
• As a PM, oversaw the planning, execution, and reporting of cybersecurity assessments for multiple clients.
• Maintained clear communication between stakeholders, ensuring alignment on project deliverables.
• Managed project timelines, budgets, and resource allocation for multiple cybersecurity projects.
• Led teams in the implementation of cybersecurity frameworks and compliance initiatives across various clients in sectors including healthcare, finance, and defense.
• Managed a team of cybersecurity professionals, ensuring timely execution of cybersecurity projects and meeting client expectations.
• Organized and led weekly project meetings to ensure effective communication and resolution of issues.
• Orchestrated the creation of comprehensive project plans, scope documents, schedules, and forecasts, ensuring timely communication on the impacts of changes and decisions.
• Developed and implemented best practices and tools for efficient project execution and management, contributing to streamlined workflows.
• Successfully managed and coordinated multiple projects simultaneously, optimizing portfolio delivery and adhering to standardization within the Software Development Life Cycle (SDLC) and other defined standards.
• Collaborated with management to identify and address potential project issues, demonstrating a proactive approach to problem-solving.
• Led and managed software project teams using Agile SCRUM practices, overseeing the development of global websites utilizing HTML, Python, React, Java, SQL, and .NET. Tracked progress using JIRA, monitored and validated QA results, and executed effective DevOps deployments. Additionally, played a key role in client interactions and business discussions for requirements gathering and planning, ensuring a client-centric approach throughout the project life cycle.
• Spearheaded collaboration with diverse business units to define and document processes and software requirements for automating Mortgage Loan Origination from acquisition to securitization. Implemented features, including credit data extraction for crucial loan process functions.
• Applied critical and strategic thinking to develop solution alternatives, ensuring alignment with project value expectations and showcasing adept problem-solving skills.
• Served as a resource for the user community, addressing application and system issues, managing stakeholders' change requests, and identifying effective short-term and long-term workarounds for minimal disruption and optimal efficiency.
• Collaborated closely with Quality Analysts to ensure application functionality met stringent requirements, emphasizing a commitment to delivering a high-quality product.
• Played a pivotal role in post-implementation validation, ensuring seamless integration and meeting both business and customer expectations. Provided bi-monthly status reports and communicated system issues to management for proactive measures.