
Kiana Lara

West Roxbury, MA

Summary

Security Control Assessor and Risk & Compliance professional with 6+ years of experience supporting Assessment and Authorization activities across federal and healthcare environments. Proven expertise in executing the NIST Risk Management Framework (RMF), conducting independent security control assessments, and developing high-quality authorization artifacts including Security Assessment Plans (SAPs), Security Assessment Reports (SARs), POA&Ms, and executive-ready risk summaries. Skilled in evaluating control effectiveness across on-premise and cloud-based systems, identifying compliance gaps, and translating regulatory requirements into practical remediation guidance aligned with NIST SP 800-53, FedRAMP, HIPAA, and related security and privacy standards. Recognized for strengthening audit readiness, improving stakeholder coordination, and bridging cybersecurity governance with health-tech compliance needs.

Overview

10 years of professional experience
1 Certification

Work History

SECURITY CONTROL ASSESSOR (REMOTE)

Accenture
06.2020 - Current
  • Organizing and participating in kick-off meetings with information system stakeholders prior to assessments
  • Adheres to the NIST Risk Management Framework (RMF) to support the A&A process, supporting policies, procedures, and plans, designing and implementing security controls, testing security controls, tracking corrective action plans
  • Evaluate effectiveness and implementation of Continuous Monitoring Plans
  • Develop and review SCA artifacts such as Security Assessment Plan (SAP), Security Assessment Reports (SAR), and Security Configuration Reports (SCR)
  • Provide assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.
  • Technically assess general support system security configurations and security control implementation using manual and automated test methods

Senior Security Control Assessor

M9 Solutions
07.2018 - 06.2020
  • Monitor the progress of engagements and key project activity dates
  • Drive working sessions with clients to ensure expectations and direction are aligned and timelines are being met
  • Execute security assessments in accordance with NIST SP 800-53, 800-37, 800-171, and other authoritative IT security guidance
  • Develop Security Authorization Packages and ensure completeness and compliance with FedRAMP requirements and other authoritative IT security guidance
  • Independently assess and audit information systems for our clients and assigned as Lead Assessor for project
  • Examine documentation, including System Security Plans (SSPs), Incident Response Plans (IRPs), Configuration Management Plans (CMPs), Contingency Plans (CPs), Disaster Recovery Plans (DRPs), policies, and procedures, to ensure that control requirements have been addressed
  • Interview system personnel to determine if the organization is adhering to their own documented processes.
  • Performed duties in accordance with applicable standards, policies and regulatory guidelines to promote a safe working environment.

Cyber Risk Consultant

Copious Technology Solutions, Inc
05.2016 - 07.2018
  • Ensure organizations are addressing and conducting all phases of the system development life cycle (SDLC)
  • Review POA&M closure and waiver packages in accordance with the customer's POA&M Standard Operating Procedures
  • Created/Developed/Updated/Reviewed documents including, but not limited to, SSP, SOP, Contingency Plan (CP), Contingency Plan Test (CPT), CMP and Waivers
  • Interview system personnel to determine if the organization is adhering to their own documented processes
  • Developed and controlled execution of reporting and analytics for multiple operations departments.
  • Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
  • Advised senior managers on policy strategies for reducing liability and preventing losses.
  • Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies.

Education

Bachelor - Computer Science

Boston University
Boston, MA
06-2026

Skills

  • Risk Management Framework
  • RMF (NIST SP 800-37)
  • FedRAMP
  • FISMA
  • HIPAA
  • NIST Standards (rev4-rev5)
  • NIST Standards
  • ISO 27001
  • Risk Management
  • Risk Analysis
  • IT Auditing
  • Tenable Nessus
  • Security systems
  • CSF
  • Data Analysis Tools
  • Technical Writing

Certification

  • CompTIA Security+
  • ITILv4 certified
  • CISA: in progress (September 2026)

Languages

Spanish
