-
Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework).
-
Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status.
-
Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments.
-
Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs.
-
Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle.
-
Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation.
-
Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements.
-
Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape.
-
Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility.
-
Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership.
-
Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders.