Post Job Free
Sign in

Cybersecurity Risk Assessor

Location:
Virginia Beach, VA, 23464
Salary:
125000
Posted:
April 06, 2026

Contact this candidate

Resume:

HOWARD H. MARTELL

**** ******** **** ***** • Virginia Beach, VA 23464

Cell: 757-***-**** • Home: 757-***-****

Email: *******************@*****.***

RISK & COMPLIANCE ANALYST • CYBERSECURITY • DoD

RISK MANAGEMENT • AUTHORIZATION AND ACCREDIATION • SECURITY OPERATIONS

Accomplished Cybersecurity / Risk & Compliance Analyst with 20+ years of progressive experience securing complex DoD and enterprise environments, including extensive service in the U.S. Navy and commercial defense contractors. Deep background as a Navy Qualified Validator (NQV) and IAM Level II practitioner leading RMF/DIACAP assessments, FISMAaligned compliance, and security authorization work for missioncritical systems.

Proven track record in:

Risk Management & Compliance – RMF, DIACAP, FISMA, NIST 80053

Security Control Assessment for Navy systems and training ranges

Vulnerability Management (ACAS/Nessus, HBSS, STIGs, SCAP,EMASSTER)

Identity & Access Management (IAM Level II) and secure network operations

Translating complex DoD, NIST, and Cloud SRG requirements into practical, scalable controls—experience that maps directly to Risk & Compliance Analyst roles in regulated environments (e.g., DoD, FedRAMP, AWS GovCloud).

SECRET clearance (TOP SECRET SI ).

EDUCATION & CERTIFICATIONS

B.S., Cybersecurity (Aug 2025)

Southern New Hampshire University

A.A.S., Information Technology – Network Security (May 2022)

Tidewater Community College

Certifications & Training

CompTIA Security+ (CE)

CompTIA Server+

NQV LEVEL (NQV0035) – Navy Qualified Validator

Information Systems Security Manager (NEC 2779)

Network Security Vulnerability Technician (NEC 2780)

Information Systems Administrator (NEC 2735)

Electronic Key Management System (EKMS Manager)

NTCSS System Administrator

DISA SRR Traditional Security Training

eMASS Course, ACAS Course

Primary Leadership & Development; First Line Leadership & Development; Command Training Team (CTT)

Clearance: SECRET, TOP SECRET eligible

AREAS OF EXPERTISE

DoD Risk Management Framework (RMF) & legacy DIACAP

Navy Validator / Security Control Assessor functions

NIST SP 80053, 80037, FISMA, DoDI 8500 series

Risk & Compliance Analysis (Assessment & Authorization / ATO)

Vulnerability Management (ACAS / Nessus, HBSS, STIGs, SCAP)

COMSEC & Secure Communications Management

Identity & Access Management (IAM Level II)

Secure Network Operations (NIPR/SIPR and similar)

POA&M Management & Continuous Monitoring

Security Documentation: SSP, SAR, POA&M, Contingency Plans

Crossfunctional Security Advisory (engineering, ops, leadership)

Security Awareness & IA/RMF Training

PROFESSIONAL EXPERIENCE

AUSGAR Technologies – Norfolk, VA

Cybersecurity Analyst III / Navy Qualified Validator (Risk & Compliance)

2016 – Jan 2026

Serve as a Navy Qualified Validator (NQV) executing Independent Verification & Validation (IV&V) in support of DoD RMF and legacy DIACAP processes, functioning as a Security Control Assessor–type resource for Navy Authorizing Official (NAO) activities.

Lead risk and compliance analysis for Navy training ranges, NCTE sites, networks, enclaves, and applications, assessing implementation of NIST SP 80053 controls and providing clear recommendations on residual risk and risk treatment (mitigate/accept) to authorizing officials and senior leadership.

Perform comprehensive vulnerability assessments using ACAS/Nessus and other DoD tools; analyze findings, prioritize by mission impact, and coordinate remediation with system owners, network engineers, and administrators to reduce attack surface and close critical/highrisk vulnerabilities.

Review and validate Authorization / Accreditation packages, including System Security Plans (SSP), Security Assessment Reports (SAR), POA&Ms, and Continuous Monitoring plans, ensuring alignment with RMF, FISMA, and servicespecific requirements prior to ATO decisions.

Ensure ongoing compliance monitoring across Navy training environments by conducting site visits, documentation reviews, and configuration checks (STIGs/SCAP), supporting readiness for Cyber Security Inspections (CSI) and Command Cyber Readiness Inspections (CCRI).

Provide IAM Level II oversight by reviewing account management processes, RBAC configurations, and leastprivilege enforcement, reducing unauthorized access and privilege creep across supported systems.

Apply expert knowledge of directives and standards—including DoDI 8570.01M, NIST SP 80037, NIST SP 80053—to ensure systems meet all required security controls, documentation, and evidence expectations.

Deliver security awareness and RMF/IA process training to commands and technical staff, improving understanding of control requirements, evidence collection, and remediation expectations.

Blue Water Federal Solutions – Norfolk, VA

Cybersecurity Analyst – Risk & Compliance (US Fleet Forces Command N6)

Apr 2014 – Aug 2016

Served as Task Lead Analyst for US Fleet Forces Command (USFF) N6, supporting creation and maintenance of accreditation packages for USFF headquarters networks and systems.

Ensured compliance with FISMA and DoD IA policies by coordinating regular ACAS vulnerability scans, reviewing results, and updating IA documentation and status in the IA SharePoint portal.

Managed submission of Certification & Accreditation packages within Enterprise Mission Assurance Support Service (eMASS) under the DIACAP framework, ensuring required artifacts and evidence were complete, consistent, and high quality.

Coordinated with system owners, administrators, and Information Assurance Managers (IAMs) to ensure all IA controls (IACs) were met in accordance with DoD Instruction 8500.2, and that any gaps were documented and tracked via POA&Ms.

Reviewed all deliverables for quality, compliance, and consistency prior to collaboration with the Navy Authorizing Official (NAO), supporting riskbased ATO decisions.

Honeywell HTSI – Norfolk, VA

Cybersecurity Analyst / NIST A&A Specialist

Aug 2014 – Apr 2015

Supported development of security documentation and A&A packages for GSS and major application systems within a federal environment (FEMA IT Resiliency and Security Team).

Performed and documented IA control compliance assessments in alignment with NIST RMF, reviewing artifacts and validating control implementation and effectiveness.

Conducted quality assurance reviews of A&A artifacts to identify discrepancies, gaps, and improvement areas prior to submission to authorizing officials.

Coordinated with system/security staff to validate FIPS 199 categorizations, eauthentication workbooks, Security Plans (SP), Contingency Plans (CP), and Contingency Plan Tests (CPT).



Contact this candidate