Karim A. Muma

• Conduct AI security assessment, ensuring compliance with industry regulations (NIST AI RMF, EU AI Act, GDPR etc.)
• Assess AI-driven applications for data privacy risks, security vulnerabilities, and algorithmic bias.
• Conduct thorough risk assessments to identify potential areas of non-compliance and recommended corrective actions.
• Collaborate with legal and compliance teams to align AI technologies with evolving regulatory requirements
• Perform risk audits on machine learning models to detect biases, adversarial attacks, and ethical concerns

• Provided detailed documentation on audit findings, facilitating swift corrective action when necessary.
• Monitored AI model performance for fairness and transparency, identifying and addressing potential biases.
• Ensured compliance with regulatory requirements by performing regular audits and staying up-to-date on industry standards.
• Streamlined audit processes, improving efficiency and reducing time spent on each audit engagement.
• Supported compliance efforts for AI systems, ensuring adherence to privacy and security standards.
• Worked with stakeholders to assess the societal impact of AI implementations, ensuring alignment with organizational values.
• Managed multiple concurrent audit engagements, prioritizing tasks to meet deadlines without compromising quality.
• Adapted plans and schedules to meet changing priorities of work objectives, resources and workload demands.

• Performed security categorization of Information Systems in accordance with FIPS 199 & NIST Special Publication 800-60 volume 2.

• Review Vulnerability and Compliance scan results (Nessus) and provide recommendations for timely mitigations.

• Initiated systems security evaluations, audits and reviews to identify vulnerabilities, risk and protection needs.

• Conducted ST&E Kick-off Meetings and populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.

• Managed Plan of Action and Milestones (POA&Ms) for identified vulnerabilities and perform compliance monitoring and associated activities.

• Identify security risks (threat/likelihood/impact) to systems, assets, and organization and document risks for management review.