Post Job Free
Sign in

AI Governance, AI Cybersecurity

Location:
Brandywine, MD
Posted:
July 09, 2026

Contact this candidate

Resume:

Nicole Ali

Brandywine, MD

Email: *************@*****.*** Mobile: 202-***-****

Professional Summary

Strategic security leader with 20+ years of experience applying frameworks for emerging technologies. Proven expertise in creating and implementing AI security controls, data privacy policies, and cross-functional governance structures. Track record of successfully bridging technical implementation with policy development for sensitive systems. Active TS/SCI security clearance with Full Scope & CI Poly

Core Competencies

AI Governance & Security: • AI model security controls• Responsible AI Frameworks, •AI risk assessment

•Risk Management Framework (RMF) data privacy •vulnerability management •Policy Development: Cross-functional policy creation• stakeholder management regulatory compliance

Technical Skills

•AI/ML: Prompt Engineering, AI Model Security, Model Governance • Security: Risk Management Framework (RMF), DISA STIGs, Vulnerability Management, ACAS • Tools: JIRA, Docker, Splunk, Microsoft Suite, SharePoint• Languages: JavaScript, HTML, Visual Basic Certifications: Certified CMMC Professional (CCP)-Tier 3 Background Investigation successfully completed June 2026, Certified AI Prompt Engineer, AI Governance Professional Certification (expected Dec. 2026) Data Privacy Solutions Engineer (CDPSE), Certified Information Systems Auditor (CISA), CompTIA Security+CE, ITIL V3 Foundation, ACAS Certification

Education Bachelor of Science Degree - Computer Information Systems, Marymount University, Arlington, VA

Professional Experience

12/2025-Present- Information System Security Engineer, ITC, Odenton, MD

• Conduct assessments using CIS Benchmarks responsible for hardening IT infrastructure by auditing system configurations against globally recognized best practices

• Ensure operating systems, cloud environments, databases, network devices are secure and compliant with regulatory standards resistant to cyber threats

• Interpret assessment results to identify non-compliant settings, root causes of security gaps, and provide remediation guidance to customer base

• Create and enforce security policies and procedures to ensure compliance aligned with Department of War

•Write scoping documentation, vulnerability assessments, cyber risk assessments and review artifacts

11/2024-12/2025 -Lead Cybersecurity Engineer, Amentum, Hanover, MD

•Provided guidance and tasking instructions to Cyber Team to ensure organized security posture is compliant

• Developed and deployed security protocols to protect systems, networks, and data from cyber threat

• Regularly evaluated vulnerabilities and potential threats to the organization's infrastructure

• Investigated and responded to security incidents and breaches, reviewing AI tools to enhance efficiency

• Generate Cybersecurity Risk Assessments (CRA) documenting security posture against CIS benchmarks for ensure compliance requirement

• Stayed updated on the latest AI trends and threats, and develop strategies to counteract them

• Worked closely with IT teams, developers, Engineers and stakeholders to ensure secure system configurations

01/2024 – 09/2024-Cybersecurity Systems Engineer, cFocus Software Inc., Washington, DC

• Managed/maintained scans across domains, identifying DISA STIGs or best practices for assessments and weekly scans

• Provided guidance for remediation of vulnerabilities and compliance findings

• Conducted system engineering activities with a cybersecurity focus, applying RMF

• Reviewed documentation, designed system architecture, and assessed security solutions against threats

• Developed functional, operational, and user requirements, and technical patterns of solution designs

• Ran ACAS scans mitigate findings and ensure network security posture

01/2020 – 01/2024- Information Systems Security Manager, Johns Hopkins Applied Physics Laboratory (APL) Laurel, MD

•Architected comprehensive governance framework for AI systems, establishing security controls and best practices for model development and deployment

• Led development of organization-wide AI security policies, focusing on responsible AI development and risk mitigation

• Created and implemented AI-specific security controls, resulting in standardized safety protocols across multiple projects

• Established governance processes for AI model testing, validation, and deployment

• Developed and delivered security training programs for AI teams, improving cross-functional collaboration

• Built risk assessment frameworks specifically tailored for AI systems

•Acted as the bridge between technical implementation and compliance documentation, ensuring that our internal controls are not only active but fully "Assessment Ready" according to the CMMC Assessment Guide

•Conducted discovery meetings throughout the lab to assist with identifying CUI data to ensure CMMC compliance

•Identified gaps in current environment, worked with IT/Systems Engineering to implement technical/administrative solutions

•Tracked Plan of Action and Milestones (POA&M) to completion, ensuring no open items remain before the formal assessment.

09/2018 – 01/2020- Product Delivery Manager/Solutions Engineer Deloitte, Springfield, VA

• Managed communication forums with system users and stakeholders

• Selected and allocated security controls for information systems, focusing on cloud systems.

• Identified and prioritized security risk impacts to information systems and their data

• Monitored POA&Ms to confirm findings, recommendations, and risk mitigation strategies

• Reviewed and compiled BOE to support client risk acceptance authorization decisions

• Provided guidance to program managers and information systems owners on securing information systems

12/2014 – 08/2018- Information Assurance Engineer, Lockheed Martin Hanover, MD & Fort Worth, TX

• Supported IT asset management and risk assessment efforts across multiple sites

• Conducted assessments to identify policy compliance and documented non-compliance exceptions

• Facilitated corporate and government compliance policies to ensure consistent asset management

• Analyzed and implemented organizational cybersecurity policies and procedures

• Performed evaluations of RMF artifacts and developed RMF documentation

06/2014 – 12/2014 -ActioNet, Information Sharing & Governance Analyst Washington, DC

• Defined governance frameworks for DOE's Information Sharing Safeguarding (ISS) Portfolio

• Led senior executive briefings on governance initiatives and cybersecurity policy

•Established cross-functional governance boards overseeing information sharing activities

01/2014-06/2014 -Minerva Engineering, Systems Engineer, Chantilly, Virginia

• Translated mission-critical system specifications into technical requirements for system development and system testing as assigned to the Cyber team

• Performed requirement elicitation and analysis to ensure properly defined user needs

• Executed all aspects of requirements, including requirements prioritization and functional/non-functional requirements development

• Interfaced with the Security Architecture Team designing DoD Architecture Framework (DoDAF) OV5/OV6 views to accurately develop functional requirements

• Contributed to capability documents, requirements specifications, and Interface Control Documents.

• Ensured bidirectional traceability across functional, operational, and user requirements

• Performed requirements validation to ensure completeness, correctness, and testability

• Developed verification methods and evaluation criteria for validating system performance

04/2012-04/2013 -MCR, Configuration Management & Data Privacy Consultant, Brussels, Belgium

• Developed and enforced data privacy policies across NATO member nations

• Created governance frameworks for international data sharing and protection

• Managed implementation of cross-border security access controls

03/2009-03/2012 -SAIC, Implementation Project Manager/Cybersecurity Info. Systems Manager, Stuttgart, Germany

• Developed strategic governance policies for US Africa Command's Joint Operations Center

• Created and implemented security procedures for multi-national operations

• Presented governance and security recommendations to Command leadership

07/2006-03/2009-L3 Communications, Senior Requirements & Systems Engineer, Stuttgart, Germany

• Led Cybersecurity Engineering Working Group for operational requirements

• Participated in IPTs to design new capabilities based on operational and development considerations.

• Defined verification methods, processes, and evaluation criteria for system validation

• Developed alternative system concepts and physical architectures to support mission needs

11/2005-07/2006-SAIC, Systems Engineer, Hanover, MD

• Conducted endtoend assessments of system requirements, interfaces, and risks to support engineering reviews

•Developed system design alternatives considering lifecycle cost, complexity, scalability, and risk

•Fully defined software and hardware interfaces, including data, stimulus, electrical, and mechanical characteristics.

•Supported configuration control processes and contributed to CCB decisionmaking

• Performed systems requirements gathering for intrusion detection systems, integrated requirements into the Telelogic DOOR requirement management tool

•Generated DoDAF artifacts, analyzed and validated requirements, evaluated documentation, assessed proposed changes as well as risks; developed risk mitigation strategies

01/2005 -11/2005-Northrop Grumman, Systems Engineer, Hanover, MD

• Translated requirements that aligned with Program goals and objectives into design plans implemented by developers

• Used modeling tools to present graphical analysis for requirements depicting information at a high level

• Performed requirements validation to ensure documented requirements satisfy customer needs

•Established formal processes for managing requirements changes, ensuring traceability, stakeholder alignment, and impact assessment

•Ensured traceability and impact assessment for all requirement changes throughout the lifecycle

•Developed highlevel architectural models to support design and decisionmaking

•Defined interface requirements across software and hardware components

•Supported verification planning and development of evaluation criteria

01/2002-01/2005-Lockheed Martin, Sr. Systems Engineer, Hanover, MD

• Conducted requirements analysis and interface definition studies to translate customer requirements into hardware/software specifications, provided technical evaluations during the preliminary systems design phase, and solutions to interface problems between systems

•Maintained technical integrity of system baselines through formal configuration control

•Developed system design alternatives considering lifecycle cost, reuse, complexity, and system growth

•Performed quantitative analysis of nonfunctional performance areas such as reliability and survivability

•Used modeling, simulation, and prototyping to reduce development risk and cost

• Evaluated and disseminated signals intelligence (SIGINT) information impacting Cyber operations and coordinated SIGINT-activity reports with ground stations

• Measured contract deliverables using the Artemis Earned Value management tool

• Identified cost and schedule constraints, trained staff on how to use the knowledge management collaboration portal

• Coordinated crossdiscipline resolution of action items from CCBs, design reviews, program reviews, and test events

12/2000–12/2001-KPMG Consulting, Senior Management Analyst, Arlington, VA

• Evaluated product scope for collaboration tools for the US Navy combat system operation plan

• Developed business process models using Erwin data modeling tools, prepared Q/A reports to support business process improvements, used the Scitor process simulation tool to simulate and analyze business processes

• Created and delivered effective data models, simulations, and streamlined business processes that reduced ambiguity, duplications, and data inefficiencies



Contact this candidate