GEOFFREY G. KARANJA, MIS
Current Active Secret (TS/SCI eligible)
*******@*****.***. 443-***-****
Professional Summary
Over 17 years of experience in IT security, including 9+ years as a Certified Advanced Security Professional (CASP+). Expertise in Security Assessment Review and Assessment, cybersecurity compliance, risk assessment, and threat mitigation. Skilled in vulnerability assessments, implementing security controls, and leading incident response while ensuring adherence to DoD 8570 IAT Level III standards.
Core Competencies
Evaluation of Risk Assessment and Management: Verify Security Control Assessments (SCAs) in Security Audits, RMF, FedRAMP, POA&M, NIST 800 SP, CNSS 1253, ATO, and FISMA compliance
Vulnerability Management: Proficient in ACAS, Tenable Nessus, and DISA STIGs/SRGs; liaise with DevOps to mitigate system vulnerabilities and create POA&Ms to track remediation efforts
Security Operations and Architecture: Threat modeling, continuous monitoring, and ATO security audits of Information Assurance to maintain system security posture
Accreditation: Validate System Security Plans (SSP), Security Control Policies (SCP), and Assessment & Accreditation (A&A) to meet the security requirements
Cloud Services: Azure PaaS, and Palantir Federal Cloud Service (PFCS)
Leadership & Communication: Project management across cross-functional cybersecurity teams
Certifications
CompTIA Advanced Security Practitioner (CASP+)
Microsoft Certified Professional (MCP) – Windows 10
CompTIA Security+, CompTIA A+
DoD eMASS and RMF Certification
DoD 8570 IAT Level III Certification
DoD Certified Authorization Professional (CAP)
Education
Master of Science – Computer Science (Information Systems Security), American InterContinental University
Bachelor of Science – Information Technology, American InterContinental University
Bachelor of Science – Statistics, Shivaji University, India
Work Experience
Sr. Cybersecurity System Engineer – ISSO
Nakupuna Companies Aberdeen Proving Ground, MD Aug 2024 – Feb 2025
Led cybersecurity compliance efforts, guiding vendors and stakeholders in implementing FISMA standards, NIST and RMF security controls to meet federal security requirements
Reviewed Risk Management and Assessment, Insider Threat Analysis, IT Policies and Procedures to determine security violations or vulnerabilities and validated security requirements
Performed security audits and assessments of ATO documentation, including System Security Plans (SSPs), Security Assessment, Implementation Plan, and POA&M, and worked closely with cybersecurity engineers
Oversaw cloud security for Azure PaaS, ensuring FedRAMP compliance and processing package renewals
Prepared Monthly and Weekly Status Reports of completed and planned schedules
Sr. Cybersecurity System Engineer – ISSO
ManTech International Aberdeen Proving Ground, MD Nov 2022 – Aug 2024
Led continuous RMF monitoring via eMASS, managing POA&Ms and conducting security assessments, policy assessments, and other artifacts
Provided DISA STIG compliance expertise, executed ACAS-Nessus scans, and supported IAVM mitigation
Validated the security requirements of the information system and verified that the system met the security requirements
Collaborated with system developers to document security policies and drive risk mitigation
Information System Security Officer – ISSO
Broadleaf Inc. Aberdeen Proving Ground, MD Jul 2018 – Nov 2022
Conducted risk assessments, FISMA audits, and managed continuous monitoring of security controls
Led A&A processes, maintained ATO compliance, and collaborated with developers for security solutions
Provided identification of non-compliance with security requirements and mitigations for requirements that were not in compliance
Mitigated and resolved security vulnerabilities while ensuring effective control implementation
Senior Cybersecurity & Information Assurance Engineer
Engility Corp. Aberdeen Proving Ground, MD May 2017 – Jul 2018
Prepared POA&Ms, System Backup, and Recovery Plans, ensuring comprehensive ATO artifacts were documented
Performed ACAS audits, designed IA systems, and developed policies to strengthen system security
Cybersecurity Engineer
L-3 Corporation & CACI Corporation Landover and Frederick, MD Oct 2008 – May 2017
Ensured RMF and DIACAP compliance for fielded systems, managing patch management and IAVA testing
Awarded Certificate of Appreciation for minimizing downtime on TAMMIS servers worldwide
Performed vulnerability analysis, risk assessments, and regression testing for system integrity
Community Involvement
St. Jude Children’s Research Hospital – Ongoing donor
Habitat for Humanity & Purple Hut – Vehicle donor and participant
Active member of the CompTIA Cybersecurity Community