Sangeeta Sinha
Senior Information Systems Security Analyst
********.*********@*****.*** 937-***-**** Germantown, Maryland
SUMMARY
Cybersecurity and compliance professional with 15+ years of expertise supporting U.S. federal agencies in achieving security compliance, risk mitigation, and process optimization. Specialized in federal security frameworks (NIST, IRS-1075, IRM), cloud security, and audit readiness (ISO 9001/27001, CMMI). Excellent at securing ATOs, closing POAMs, and leading security documentation efforts that accelerate project delivery and reduce risk. Have worked internationally in the US, India, and Saudi Arabia in academic and corporate environments.
KEY ACHIEVEMENTS & CAPABILITIES
Secured 7+ new projects and associated revenue through proactive security support at IRS.
Accelerated federal ATO approvals by streamlining security documentation processes.
Ensured that systems implemented offensive security tactics so that the security structure was protected from evolving threats and changes to the security posture of the system.
Deep knowledge of security standards including NIST, IRS-1075, IRM, Health Insurance Portability and Accountability Act (HIPAA), Risk Management Frameworks, and cloud provider compliance and risk frameworks.
Have worked with CMS Information System Security Officers (ISSOs) to successfully close the POAMs, obtain ATOs, handle security-related issues/incidents, and protect the Confidentiality, Integrity, and Availability of data for different systems.
Have analyzed System Security Plans of several clients to ensure they have implemented
Expert in CMS tools like CFACTS (CMS FISMA Control Tracking System) and in preparing for ISO 9001 and ISO 27001 audits.
Developed and delivered successful training programs for clients including Freddie Mac, CMS, and NIH.
Skilled in preparing and conducting internal CMMI audits (Level 5 for Development and Level 3 for Services). Actively participated in ISO 9001 and ISO 27001 audits.
Implemented QA processes that reduced documentation time by over 20%.
COMPUTER SKILLS / TECHNICAL SKILLS
Microsoft Office – Excel, Word, PowerPoint, Access, Paint, Visio, SharePoint.
Atlassian tools & other Project management tools: JIRA, Confluence, and Redmine for tracking bugs and issues.
Penetration and Application Vulnerability testing tools – Burp Suite, SonarQube.
SQL, SAS, Visio
JAWS Screen Reader Ver. 18
Knowledge of security standards of Cloud platforms like AWS, Microsoft Azure, and Google Cloud.
LANGUAGES SPOKEN
English (Fluent)
Hindi (Fluent)
Spanish (Beginner)
PROFESSIONAL EXPERIENCE
e-Telligent Group, VA (100% MBI Cleared) December 2023 – April 2025
Cyber Security Specialist
Worked for the Continuous Authorization Services and Oversight (CASO) division of the IRS.
Assisted different systems being launched in the Cloud environment in obtaining the Authority to Operate (ATO).
Ensured that the security documents of IRS clients who were delivering existing or new systems to the Cloud environment were in alignment with IRS approved and accepted Cybersecurity operating standards, Cybersecurity Internal Revenue Manual (IRM) compliance standards and mandated Cybersecurity federal guidance.
Assisted the company in obtaining more revenue and establishing a stronger relationship with the clients by identifying a task where several of the clients expressed their need for help. As a result, I helped 7 projects successfully complete their SSP, pass their Third Party Security Control Assessment, and obtain the Authority to Operate (ATO) for their applications.
Created the System Security Plan (SSP) and other security documents for different IRS clients and ensured that they pass the Security Control Assessments conducted by Third Party Assessors.
Assisted in mitigating Findings identified during Security Control Assessments.
Provided Quality Assurance to major documents developed by the team and implemented changes to these documents.
Turning Point Global Solutions, MD June 2012 – December 2023
Program Manager
Performed Independent Verification and Validation (IV&V) for Centers for Medicare and Medicaid Services (CMS) Federally Facilitated Exchanges (FFE).
Ensured that all Application Development Organizations (ADOs) implement and follow the business processes, security standards, policies and procedures mandated by CMS.
Interacted with stakeholders and regularly communicated the accomplishments, risks, and issues of projects with CMS.
Senior Information Systems Analyst
Performed internal audits for ISO 27001 and ISO 9001 certifications.
Worked on State and Federal Medicare and Medicaid systems. Responsibilities included:
Development of security documentation, working with technical team to analyze and fix network and other security issues, analysis of vulnerability scans.
Created and facilitated Role-based training for all module contractors and stakeholders associated with the projects. Provided Organizational training on Security, CMMI, and QMS.
Gathered and implemented security requirements while being compliant with Federal and State security policies and standards including IRS 1075 requirements, and worked with relevant teams to develop Safeguard Computer Security Evaluation Matrices (SCSEMs).
Provided oversight and assistance to module and system owners to pass Security Control Assessments (SCAs) and Adaptive Capabilities Testing (ACT) for CMS health care projects conducted by Third Party Assessors.
Have provided remediation and mitigation plans during these assessments to expedite the ATO process.
Ensured that systems implemented offensive security tactics by conducting regular and thorough evaluations of the security and privacy controls, by using automated tools and processes to continuously monitor controls to detect vulnerabilities in real time and respond to evolving threats and changes to the security posture of the system.
Responsible for the documentation and implementation of security policies, standards, procedures, and guidelines; developed and maintained security documentation such as System Security Plans (SSPs), Information Security Risk Assessments (ISRAs), Privacy Impact Assessments (PIAs), Contingency Plans (CPs), Security Impact Analyses (SIAs), Security Incident Reporting, and other security documentation for both State and Federal projects.
Was responsible for the approval of Privacy Impact Assessments of CMS projects.
Knowledgeable on NIST 800-53 Rev 5, MARS-E (CMS Minimum Acceptable Risk Standards for Exchanges) control set, Health Insurance Portability and Accountability Act (HIPAA), FISMA, and FedRAMP policies and procedures.
Managed and contributed to proposal writing for the information security sections throughout the color team review process, from developing content during Pink Team to incorporating executive feedback during Gold Team and finalizing the submission.
Testing
Performed requirement gathering and analysis for projects and web-based applications for the National Institutes of Health (NIH) and CMS.
Delivered major artifacts like Test Plans, Test Scripts, Test Cases, Requirement and Security documents.
Facilitated onsite and online UAT sessions and training for NIH and CMS projects.
Experience in working in an Agile environment.
Performed security testing for CRM platforms on State Medicaid projects, CMS healthcare projects and on NIH projects.
Wrote and executed test cases for User Interface (UI) and Functional Testing for projects in the NIH Office of the Director (NIH/OD).
Performed testing for Section 508 compliance using JAWS screen reader.
EDUCATION
MBA - Master of Business Administration, Major: Management of Information Systems
(Wright State University, Dayton, OH)
M.Ed. - Master of Education, Major: Educational Technology
(Wright State University, Dayton, OH)
BS - Bachelor of Science – India
PROFESSIONAL TRAINING & CERTIFICATION
Certificate of Completion of QMS Auditor / Lead Auditor Course
CMMI Level 5 Associate Certification for Development
CMMI Level 3 certifications for Development and Services
Six Sigma White Belt certification
Six Sigma Green Belt training
Clearances: MBI (Active), Public Trust (Probably expired)