Aneta Bourne

• Perform comprehensive Risk Management plan to address, identify, assess, and provide prioritization of risks
• Develop and maintain the documentation of ATO Packages for Assessment and Authorization (A&A) of assigned information system such as the SSPs, SARs and POA&Ms in accordance with regulatory requirements
• Assist with security categorization using NIST SP 800-60 and FIPS 199 and Develop/Review Privacy documents such as Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA) with system stakeholders
• Perform IT operating effectiveness tests in the areas of security, operations, change management and conduct FISMA-based security risk assessments for various government contracting organizations and application systems following NIST 800-53 processes and controls
• Develop and review system security artifacts and monitor the environment of operation for changes and provide recommendation to maintain regulatory compliance and security posture of the system
• Provide support in policy interpretations and compliance requirements to stakeholders and implementation teams and review third party security contracts for compliance
• Participate in remediation meetings with the ISSM, System Owners, Information Owners, and IT Developers to discuss remediation strategies, and other IT Security and Privacy related issues
• Investigate threats or vulnerabilities from various sources as NVD, CVEs or 3rd party vendors and analyze vulnerability scan reports
• Analyzed network traffic and system logs to detect malicious activities.
• Conducted security audits to identify vulnerabilities.
• Performed risk analyses to identify appropriate security countermeasures.
• Assessed vendor security during procurement processes, ensuring compliance with company policies and industry best practices.

• Collaborated with system engineers and security teams to design, implement, and perform periodic testing, risk assessments, and recommend appropriate actions
• Performed IT internal audit programs for operational and compliance (ISO 27001, SOC 2) audits and documented audit reports and met audit project milestones
• Coordinated with external auditors for document request lists, walk throughs testing, testing status, deficiency tracking and remediation results
• Worked closely with the auditees to verify timely progress, completion of agreed action plans and performed root cause analysis for issues
• Contributed to other internal department initiatives, such as training and development, developed and completed internal reviews as requested
• Participated in meetings with managers and IT personnel to define audit objectives, scope and gather information required to perform audit functions
• Supported in other special projects or strategic initiatives at the direction of the executive management team or Board Audit Committee
• Identified discrepancies, providing actionable insights for improvement.
• Mitigated potential risks, identifying and addressing vulnerabilities.

Monitored 2 underwriters and 6 processor pipelines to ensure that loans were being processed and decisions timely and efficient in accordance with regulatory requirements

• Resolved complex home equity and member service issues
• Provided training to 17 staff members on an ongoing basis
• Developed and maintained engagement plans with input from staff
• Managed and developed home equity processing staff
• Drove cutting-edge analytics to uncover data insights and transform them into actionable business decisions
• Developed strategic plans to enhance operational efficiency and increase productivity.
• Streamlined processes with innovative solutions, reducing project completion time.
• Supervised daily operations, ensuring adherence to company policies and procedures.
• Facilitated professional development opportunities for staff, boosting employee retention.
• Enhanced customer satisfaction by resolving disputes promptly, maintaining open lines of communication, and ensuring high-quality service delivery.
• Fostered team collaboration through effective communication and leadership.