Nick Rastetter
Parlin,NJ
Summary
Cybersecurity and Governance, Risk, and Compliance (GRC) professional with 5+ years of experience in vulnerability management, FedRAMP compliance, risk assessments, and cloud security. Skilled in managing vulnerability deviation requests, drafting POA&Ms, and collaborating with engineering and DevOps teams to meet FedRAMP Moderate/High standards. Proven track record in security assessments, control validation, and automating risk tracking for continuous compliance in regulated SaaS environments.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Risk and compliance analyst/ Security Control Assessor
GeekView Tek Solutions
06.2021 - Current
- Conduct vulnerability assessments, security control evaluations, and risk audits across AWS cloud and SaaS environments to ensure FedRAMP and NIST compliance.
- Develop and refine System Security Plans (SSPs), POA&Ms, and security documentation for FedRAMP Moderate systems.
- Review and validate security control implementation; recommend compensating controls for vulnerabilities that cannot be immediately remediated.
- Maintain and update risk and vulnerability exception registers, ensuring owners, deadlines, and remediation timelines are tracked.
- Lead third-party risk assessments using OneTrust and Security Scorecard, reviewing vendor security artifacts and risk posture.
- Support FedRAMP audits by preparing detailed evidence packages and security documentation for compliance teams.
- Collaborate with engineering teams to ensure secure configurations, timely patching, and mitigation of findings.
IT Auditor / Security Engineer
T-Mobile / AGO Worldwide Consulting
03.2018 - 06.2021
- Conducted end-to-end audits and vulnerability assessments aligned with FedRAMP, PCI-DSS, FISMA, SOX, and ISO27001 frameworks.
- Created and executed Security Assessment Plans (SAPs) and documented findings in Security Assessment Reports (SARs), recommending remediation steps.
- Coordinated vulnerability and security exception reviews with cross-functional teams, ensuring FedRAMP Moderate compliance.
- Developed risk assessment plans for third-party vendors and classified vendors based on risk levels and criticality.
- Led audit readiness efforts, ensuring timely remediation tracking through ServiceNow and Archer.
- Participated in incident response activities, event correlation, and firewall analysis to enhance network security posture.
Education
BSc. - Information Sysytems & Computer Science
Central University
06.2012
Skills
- Vulnerability Management & Risk Acceptance Processes
- FedRAMP ATO & Continuous Monitoring
- NIST SP 800-53, FISMA, PCI, ISO 27001
- Cloud & Container Security (AWS, Kubernetes, EKS, ECS)
- POA&M Development & Risk Exception Handling
- Security Documentation & Policy Development
- Third-Party Risk Management & Vendor Assessments
- Audit Support & Compliance Evidence Gathering
- SIEM & Vulnerability Scanning (Tenable, Qualys, Prisma Cloud, Splunk)
- Compliance monitoring
- Due diligence
Certification
- CompTIA Sec+ Certified
- CompTIA Advanced Security Practitioner (CASP)
- IBM: Introduction to Cybersecurity Tools & Cyber Attacks
- Google: Foundations of Cybersecurity
Timeline
Risk and compliance analyst/ Security Control Assessor
GeekView Tek Solutions
06.2021 - Current
IT Auditor / Security Engineer
T-Mobile / AGO Worldwide Consulting
03.2018 - 06.2021
BSc. - Information Sysytems & Computer Science
Central University
SIEM TECHNOLOGIES & Tools
- Nessus
- Splunk
- Wireshark
Similar Profiles
PASULA GANESHPASULA GANESH
System Admin at TEK GALAXY SOLUTIONSSystem Admin at TEK GALAXY SOLUTIONS
Kandarp MathurKandarp Mathur
Business Analyst at K-Tek Talent SolutionsBusiness Analyst at K-Tek Talent Solutions
Rana KhodairRana Khodair
Product Designer at Tek Group Solutions (t/a Husssl)Product Designer at Tek Group Solutions (t/a Husssl)
Emmanuel PlasenciaEmmanuel Plasencia
Cook at White CastleCook at White Castle
Umar ChaudhryUmar Chaudhry
Crew Team Member at Dunkin' DonutsCrew Team Member at Dunkin' Donuts