Joseph Panford
646-***-**** *************@*****.***
Professional Summary
Review security plans, processes and strategies to identify areas for improvement or update. Leverage expertise in security regulations and directives for organizational- and agency-level requirements. Demonstrate expertise in analyzing and implementing security requirements into products and systems. Experience in Risk Management and Compliance, Assessment & Authorization process, POA&M management, Vulnerability Assessment, Continuous Monitoring program, and Security Control Assessment in accordance with NIST, FISMA, OMB, RMF, FedRAMP and industry best security practices.
Core Proficiencies / Technical Skills
● Risk Assessment & Management, GRC tools, POA&M Management & Mitigation, Authorization-to-Operate (ATO) Documentation, Networking Fundamentals, Active/Passive Reconnaissance, NIST & HIPAA regulatory compliance, Security Control Assessment (SCA), ATO Package/System Documentation, Threat and Vulnerability Assessment
Work Experience
Application Analyst
Booz Allen Hamilton, Remote 2025 – present
Strengthen and harden the VA's IT security posture, ensuring compliance and risk mitigation for external connections.
Draft, review, and approve Memorandums of Understanding (MOU) & Interconnection Service Agreements (ISA) for external connections, submitting documentation to VA Change Control Board for implementation.
Validate MOU/ISA documents for site-to-site interconnections & cloud connections (VA Enterprise Cloud, AWS, etc.) with FedRAMP, aligning documentation with FIPS 199 Security Categorization standards.
Cybersecurity Engineer
Booz Allen Hamilton, Remote 2025 – 2020
Lead preparation efforts for OIG annual inspections, ensuring the VA’s external connections meet security audit requirements.
Act as a subject matter expert (SME) on NIST controls, supporting assessment reviews and advising senior leadership.
Drive process automation initiatives using Microsoft SharePoint workflows, increasing efficiency in operations. Ensuring the VA’s external connections meet security audit requirements.
Direct Support Associate
Metro DDSO, New York, NY 2020-2017
Coordinated with the Vulnerability and Patch Management department to review vulnerability scan results, report findings and develop mitigation plans for corrective actions.
Worked with system stakeholders to review and maintain security documents such as Configuration Management Plan (CMP), Contingency Plan (CP), Disaster Recovery Plan (DRP), Incident Response Plan (IRP), ISAs and PTA/PIA for compliance.
Responsible for researching and evaluating relevant information security policies, guidance, and best industry practices, including NIST and FISMA for applicability to IT systems security.
Education
Certificate in Cybersecurity
MITx, Online 2023
Bachelor’s degree
Utica College, University 2013
Professional Certifications
CGRC (ISC2)
NIST CSF 2.0 2024 (INFOSEC)
eMASS CBT Training Certificate
Scrum Master
Security+ In Progress