Hilda Singeh
Fredericksburg, VA
PROFESSIONAL SUMMARY
Cybersecurity and Risk Management Professional with expertise in cyber risk assessments, governance, compliance, and vulnerability management. Skilled in conducting cyber risk capability assessments, gap analyses, and security control evaluations to enhance organizational security posture. Adept at harmonizing regulatory requirements (NIST 800-53, SOC 2, FedRAMP, HIPAA) with enterprise risk frameworks, ensuring compliance and risk mitigation across cloud and on-premises environments. Proven ability to assess cloud security controls (Azure, Oracle Cloud), manage POA&Ms, and collaborate with stakeholders to improve cybersecurity resilience.
TECHNICAL SKILLS & TOOLS
Core Competencies
Risk Assessments & Security Control Evaluations
Cloud Security (Azure, Oracle Cloud, FedRAMP)
Cyber Risk Capability Assessments & Gap Analysis
Security Authorization (ATO, POA&M Management)
Governance, Risk & Compliance (GRC)
Threat Analysis & Continuous Monitoring
Stakeholder Collaboration & Regulatory Alignment
Cyber Risk Management & Compliance (NIST 800-53, SOC 2, FedRAMP, 23 NYCRR 500, NAIC, HIPAA)
PROFESSIONAL EXPERIENCE
HIPAA Privacy and Compliance Analyst, NIH, Rockville Pike, Bethesda, MD, 9/2019 - Present
Assess and manage cloud security risks by reviewing Azure and Oracle Cloud control implementations for compliance with FedRAMP and enterprise security standards.
Perform gap analyses on cyber risk management capabilities, identifying weaknesses in security frameworks and recommending remediation strategies.
Develop and maintain risk assessment documentation, including Security Assessment Reports (SARs), POA&Ms, and compliance matrices to support ATO processes.
Collaborate with cybersecurity teams and business units, ensuring effective implementation of risk mitigation strategies across cloud and on-premises environments.
Conduct third-party risk assessments, ensuring vendors and cloud service providers align with enterprise security policies and industry regulations.
Manage and assess security controls in compliance with RMF, FISMA, and NIST 800-37 guidelines.
Information Assurance Specialist, B3 Group Inc, Fairfax, VA, 7/2016 – 3/2019
Conducted system security audits and risk analysis, prioritizing cyber threats and mitigation strategies.
Supported security control selection and implementation, ensuring systems met accreditation standards for federal and healthcare environments.
Collaborated with cross-functional cybersecurity teams, system owners, and auditors to ensure compliance with government security frameworks.
Led cyber risk assessments to evaluate the effectiveness of security controls and identify vulnerabilities across on-premises and cloud-based systems.
Harmonized security frameworks and compliance requirements by aligning NIST 800-53, FedRAMP, SOC 2, and HIPAA with organizational policies.
Conducted vulnerability scanning and risk analysis, leveraging Nessus and Splunk to assess security control effectiveness and ensure continuous monitoring.
Worked with SCAs and AOs to ensure system security authorizations aligned with compliance frameworks and risk mitigation goals.
Computer Systems Analyst, Minuteman Group, Lexington, MA, 5/2015 – 6/2016
Performed cyber risk management capability assessments, evaluating system security configurations and access controls to ensure regulatory compliance.
Conducted Security Testing & Evaluation (ST&E), assessing security control effectiveness and identifying system vulnerabilities across Azure and Oracle Cloud environments.
Developed cybersecurity policies and compliance frameworks, ensuring alignment with FedRAMP, SOC 2, and enterprise risk standards.
Performed access control reviews and identity management audits, ensuring role-based access control (RBAC), least privilege enforcement, and multi-factor authentication (MFA) to protect sensitive information.
Supported compliance audits and vulnerability assessments, evaluating system security configurations, tracking remediation efforts in POA&Ms, and delivering risk reports to executive leadership.
Collaborated with IT security teams to implement security controls, improving risk posture and enhancing regulatory compliance efforts.
EDUCATION & CERTIFICATIONS
Education
Bachelor of Science, Healthcare Management
Ashworth College, Norcross, GA 30092
Associate Degree in Health Information Management, Penn Foster College, Scranton, PA 81515
Certifications
SCM: Scrum Master Accredited Certification
S+: CompTIA Security+ Certification
CGRC: Certified in Governance, Risk and Compliance (In Progress)
CISM: Certified Information Security Manager (In Progress)
Technical Proficiency
Networking & Security: SharePoint, McAfee Virus Scan Enterprise
Cyber Risk & Compliance Frameworks: NIST 800-53, SOC 2, FedRAMP, 23 NYCRR 500, NAIC, HIPAA
Cloud Security & Control Assessments: Azure, Oracle Cloud, FedRAMP Compliance
Risk Assessment & Vulnerability Management: Nessus, Splunk, GRC RiskVision
Governance, Risk, & Compliance Tools: RSA Archer, ServiceNow, CSAM
Security Authorization & Monitoring: POA&M Management, ATO Processes, Continuous Monitoring
Identity & Access Management: IAM, RBAC, MFA, Privileged Access Controls
Reviewing and updating System of Records Notices (SORNs), interfacing and coordinating with the Business/Staff Office responsible for the documents, documenting changes, and preparing documentation (templates) for submission to DOT for further processing. Worked with stakeholders to prepare Privacy Act.
Works with members of the Information Security, Risk, & Compliance team.
Gathers and synthesizes data; presents conclusions; and offers risk mitigation, remediation and process improvement solutions to management.
Works with control owners across the company and internal and external auditors.
Identifies business risks and operational and regulatory process deficiencies.
Communicates information security risk findings and recommendations to all stakeholders.
Performs technical risk assessments of third-party suppliers' security and privacy controls.
Maintains register of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.
Assists in triage of compliance, risk and security requests in the ticket management system to ensure efficiency and prioritization.
Assists in maintaining overall security awareness, role-based security trainings and phishing simulation.
Assists in conducting user activity audits.