
Risk Assessment & Management, GRC tools, POA&M Management & Mitigation

Location:
Bronx, NY
Posted:
May 22, 2025


Resume:

Joseph Panford

646-***-**** *************@*****.***

Professional Summary

Review security plans, processes and strategies to identify areas for improvement or update. Leverage expertise in security regulations and directives for organizational- and agency-level requirements. Demonstrate expertise in analyzing and implementing security requirements into products and systems. Experience in Risk Management and Compliance, the Assessment & Authorization process, POA&M management, Vulnerability Assessment, Continuous Monitoring program, and Security Control Assessment in accordance with NIST, FISMA, OMB, RMF, FedRAMP and industry best security practices.

Core Proficiencies / Technical Skills

● Risk Assessment & Management, GRC tools, POA&M Management & Mitigation, Authorization-to-Operate (ATO) Documentation, Networking Fundamentals, Active/Passive Reconnaissance, NIST & HIPAA regulatory compliance, Security Control Assessment (SCA), ATO Package/System Documentation, Threat and Vulnerability Assessment

Work Experience

Application Analyst

Booz Allen Hamilton, Remote 2025 – present

Strengthen and harden the VA's IT security posture, ensuring compliance and risk mitigation for external connections.

Draft, review, and approve Memorandums of Understanding (MOU) & Interconnection Service Agreements (ISA) for external connections, submitting documentation to VA Change Control Board for implementation.

Validate MOU/ISA documents for site-to-site interconnections & cloud connections (VA Enterprise Cloud, AWS, etc.) with FedRAMP, aligning documentation with FIPS 199 Security Categorization standards.

Cybersecurity Engineer

Booz Allen Hamilton, Remote 2025 – 2020

Lead preparation efforts for OIG annual inspections, ensuring the VA’s external connections meet security audit requirements.

Act as a subject matter expert (SME) on NIST controls, supporting assessment reviews and advising senior leadership.

Drive process automation initiatives using Microsoft SharePoint workflows, increasing efficiency in operations.

Direct Support Associate

Metro DDSO, New York, NY 2020-2017

Coordinated with the Vulnerability and Patch Management department to review vulnerability scan results, report findings, and develop mitigation plans for corrective actions.

Worked with system stakeholders to review and maintain security documents such as Configuration Management Plan (CMP), Contingency Plan (CP), Disaster Recovery Plan (DRP), Incident Response Plan (IRP), ISAs and PTA/PIA for compliance.

Responsible for researching and evaluating relevant information security policies, guidance, and best industry practices, including NIST and FISMA, for applicability to IT systems security.

Education

Certificate in Cybersecurity

MITx, Online 2023

Bachelor’s degree

Utica College, University 2013

Professional Certifications

CGRC (ISC2)

NIST CSF 2.0 2024 (INFOSEC)

eMASS CBT Training Certificate

Scrum Master

Security+ In Progress


