
Ashley Sinclair

Laurel, MD

Summary

Cleared Information Security Professional with a focus on Governance, Risk and Compliance and over 10 years of broad experience in identifying, assessing, and providing recommendations for mitigating organizational risk. Business professional with strong organizational and communication skills, the ability to multitask effectively, and demonstrated success in building positive working relationships at all levels. Experienced in supporting a fast-paced, high-profile program security environment and in creating, maintaining, and leveraging working relationships with internal and external customers.

Overview

17 years of professional experience
1 Certification

Work History

Senior IA Engineer

Accenture Federal Services
Arlington, VA
08.2022 - Current
  • Assessed General Support Systems (GSS), National Security Systems (NSS) and Industrial Control Systems (ICS) against NIST Framework and applicable overlays.
  • Analyzed data collected from assessments and developed individualized service plans based on client needs.
  • Analyzed business requirements, technical specifications, user documentation, and other project documents to create detailed test scenarios.
  • Advised management of potential risks associated with assessment results and recommended strategies for mitigating them.
  • Developed training materials for staff members related to assessing clients' needs and abilities.
  • Provided technical assistance to other assessors in the organization regarding best practices in assessment procedures.
  • Maintained accurate records of all assessment activities, including participant information, test scores and session notes.
  • Reviewed existing policies, procedures and protocols related to assessment processes and made recommendations for improvement as needed.
  • Collaborated with interdisciplinary teams to ensure that all client assessments were completed accurately and timely.

Senior Security Control Assessor/Sr. IA Engineer

Manpower/AFS
Milwaukee, WI
03.2021 - 08.2023

Transitioned from subcontractor to prime contractor with Accenture Federal Services.

Senior Manager/ Senior Cyber Analyst

Northramp
Reston, VA
11.2020 - 07.2021
  • Assisted in launching Vulnerability Management Program for US Development Finance Corporation (DFC).
  • Assisted in implementing Privacy Program and privacy controls for DFC.
  • Key player in developing, implementing and managing 24 FedRAMP Authorizations to Operate (ATOs) for DFC.
  • Participated in OIG Audits to support DFC compliance with federal regulations.
  • Developed agency assessment plans and strategies to ensure compliance with standards.
  • Conducted agency risk assessments to identify areas of noncompliance or vulnerability.
  • Monitored the effectiveness of assessment methods through feedback from stakeholders.
  • Drafted policy documents related to assessment activities and procedures.
  • Conducted regular internal audits to ensure compliance with established standards.
  • Provided training sessions on cyber-security topics to end users and IT staff members.
  • Reviewed, updated and maintained the organization's privacy policies and procedures.
  • Conducted internal audits to verify compliance with applicable laws and regulations related to data privacy.
  • Collaborated with other departments to develop comprehensive compliance programs.

Security Control Assessor

Augmentation/ Deloitte
Baltimore, MD
08.2019 - 11.2020
  • Performed assessments of IT controls using industry standard guidance and leading practices (NIST SP 800-53A Rev 4).
  • Performed walkthrough interviews and maintained communication with a variety of client stakeholders, including system personnel such as system and database administrators.
  • Requested, obtained, reviewed, and analyzed a variety of artifacts to assist in executing IT controls testing, such as security plans, SOPs, system screenshots, and system configuration settings.
  • Professionally documented the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion.
  • Summarized and communicated IT controls assessment results to a variety of client stakeholders, including senior leadership personnel.
  • Planned and executed day-to-day activities of IT controls assessments individually and for the team.
  • Worked with federal government client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans.
  • Provided subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel.

Security Manager

CSRA/ General Dynamics
Annapolis Junction, MD
02.2017 - 08.2019
  • Reviewed and maintained all Assessment and Authorization (A&A) documentation included in the system security package to obtain Authorization to Operate (ATO).
  • Ensured implementation of appropriate security control for Information System based on NIST Special Publication 800-53 Rev 4, FIPS 200, and System Categorization using NIST 800-60, and FIPS 199.
  • Reviewed and updated remediation on POA&Ms in the organization's Cyber Security Assessment and Management (CSAM) system.
  • Worked with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.
  • Collaborated with system administrators to remediate POA&M findings.
  • Monitored controls post authorization to ensure continuous compliance with the security requirements and continuous monitoring requirements.
  • Reviewed, updated and maintained procedures, operational process document, change control document, operational checklist, detailed system specifications and procedures.
  • Assisted in developing training materials for employees on data protection.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements.

Compliance Analyst

KeyPoint Government Solutions
Loveland, CO
02.2016 - 02.2017
  • Reviewed and monitored compliance with applicable laws, regulations, and policies to ensure compliance with regulatory requirements.
  • Analyzed potential areas of risk and developed strategies to mitigate such risks.
  • Developed training materials for personnel regarding compliance standards and procedures.
  • Coordinated with internal stakeholders to ensure adherence to relevant rules and regulations.
  • Investigated any suspected violations of the organization's compliance policies.
  • Performed periodic reviews of existing processes and procedures to identify areas of improvement in terms of compliance standards.
  • Maintained an up-to-date knowledge base of all relevant laws, regulations, guidelines, and industry standards.

IT Analyst

Southern Management
Vienna, VA
02.2007 - 02.2016
  • Held various roles and responsibilities throughout tenure with SMC.
  • Provided first level support to customers before escalation.
  • Provided base-level IT support to both internal and external customers.
  • Logged all complaints and informed customers about issue resolution progress.
  • Assigned issues to appropriate support group for thorough support and prompt resolution.
  • Installed, configured, and troubleshot software.
  • Cross-trained and provided back-up for other IT support representatives when needed.
  • Displayed exceptional telephone etiquette and professionalism in answering and resolving technical calls.

Education

Some College (No Degree) - Information Technology

University of Maryland - University College
Hyattsville, MD

Some College (No Degree) - Communications Systems Technology

Bowie State University
Bowie, MD

Skills

  • Active TS Clearance
  • Skilled collaborator, solution-oriented, rapid and adaptive
  • Extensive knowledge in Information Security Risk Management Framework (RMF)
  • Extensive experience with FISMA requirements, NIST SP requirements, Cloud Services, FedRAMP Assessments and Authorizations
  • Experienced in assessing General Support Systems (GSS), National Security Systems (NSS), Industrial Control Systems (ICS)

Certification

  • Certified Information Security Auditor (CISA)
  • Security+
  • Certified Cloud Security Practitioner (CCSP) - In Progress
