Open to opportunities

M M

@mm07

Message

Accomplished IT Compliance and Cybersecurity professional with extensive experience.

Zimbabwe

Message

What I'm looking for

I seek a role that fosters innovation, emphasizes compliance, and offers growth opportunities in cybersecurity.

I am an accomplished IT Compliance and Cybersecurity professional with extensive experience in federal regulatory frameworks, risk management, and cybersecurity. My expertise lies in NIST RMF, FISMA, FedRAMP, HIPAA, and DoD CMMC, where I have successfully implemented security frameworks and managed audits to ensure compliance and enhance cybersecurity postures.

Throughout my career, I have demonstrated a strong ability to drive diverse Information Security and Cyber Defense initiatives. I have authored and maintained System Security Plans (SSPs), managed security control implementations, and collaborated with GRC tools for risk management and compliance tracking. My leadership in risk assessments and vulnerability management has consistently aligned IT security solutions with organizational goals, ensuring robust information security in complex regulatory environments.

Experience

Work history, roles, and key accomplishments

Current

Security Consultant

Current

Northrop Grumman / Peraton

Jun 2020 - Present (5 years 1 month)

Developed and enforced information security policies, focusing on cloud security and FedRAMP assessments. Authored and maintained System Security Plans (SSPs) and other security documentation, ensuring accuracy and compliance.

Cloud Security FedRAMP HIPAA)FISMA AWS ServiceNow Jira Archer

Cybersecurity / Privacy Risk Analyst

MITRE Corporation

Jun 2019 - Present (6 years 1 month)

Delivered executive reports on potential improvements in risk management processes aligned with NIST frameworks. Led business process reengineering to enhance operational efficiency and reduce costs.

Cybersecurity NIST ServiceNow Jira

Security Consultant

R2SEC LLC

Oct 2015 - Present (9 years 9 months)

Provided oversight and technical leadership for cloud-based security assessments and authorizations. Coordinated risk assessments, remediation plans, and control implementations as part of the Assessment and Accreditation process.

Cloud Security FedRAMP HIPAA)FISMA AWS Risk Management Vulnerability Management Security Planning

Cybersecurity Assessment Engineer

R2SEC LLC

Oct 2015 - Present (9 years 9 months)

Conducted risk assessments for cloud products (Box, Office365, Skyhigh, Everbridge) to identify gaps and mitigate risks. Reviewed and ensured compliance with NIST 800-53, FISMA, and FedRAMP standards.

Risk Assessment NIST 800 53 FISMA FedRAMP

Cybersecurity / Privacy Engineer

R2SEC LLC

Oct 2015 - Present (9 years 9 months)

Coordinated efforts to obtain Authority to Operate (ATO) for FISMA/FedRAMP hybrid environments. Audited cloud security evaluations and assisted with Plan of Action and Milestone (POA&M) remediation.

Cybersecurity Privacy Engineering FISMA FedRAMP Cloud Security

RMF / Cloud Compliance Engineer

R2SEC LLC

Oct 2015 - Present (9 years 9 months)

Advised senior leadership on changes affecting information assurance and security posture. Implemented policies and procedures for the protection of critical infrastructure and ensured compliance with IT security regulations.

Information Security

System Engineer

SAIC/Northrop Grumman

Mar 2006 - Present (19 years 4 months)

Supported federal agencies in information security engineering roles. Focused on ensuring compliance and implementing security measures within complex IT environments.

Information Security Systems Engineering Security Operations

Information Security Engineer

Resources International

Jun 2005 - Present (20 years 1 month)

Provided information security engineering services to the Department of Veterans Affairs. Implemented and maintained security controls to protect sensitive government data.

Information Security Security Engineering Data Protection Compliance

Information Security Engineer

Contract

Dec 2003 - Present (21 years 7 months)

Worked as an Information Security Engineer for NWS/NOAA. Responsible for securing critical information systems and ensuring adherence to security policies.

Information Security System Security Policy Implementation Network Security

E-Security/ IT Audit/ E-Government Coordinator

State Government of Maryland, Prince George’s County

Jun 2001 - Present (24 years 1 month)

Coordinated E-Security, IT Audit, and E-Government initiatives. Ensured compliance with state and federal regulations for digital services and information systems.

IT Audit Regulatory Compliance Digital Information Systems

Senior Partner

Net effort Inc

Mar 2000 - Present (25 years 4 months)

Served as a Senior Partner, contributing to strategic planning and project execution. Focused on delivering IT solutions and managing client relationships.

Strategic Planning Project Management Client Management Business Development