
Randeep Sidhu

Severn, USA

Summary

Results-driven Cyber Security Analyst with a strong background in Risk Management Framework (RMF). Proven expertise in developing comprehensive ATO documentation and leading cross-functional teams to ensure strict compliance with NIST standards. Exceptional analytical abilities and effective communication of complex technical concepts, fostering successful outcomes in high-stakes environments.

Overview

13 years of professional experience
1 Certification

Work History

Associate/Cyber Security Analyst

Booz Allen Hamilton
12.2021 - Current

Consultant to Department of Veterans Affairs (VA) (Active Public Trust Clearance)

  • Lead a team of over 8 system stewards as the Team Lead for both the Plan of Action and Milestone (POA&M) Management Team and the Test Results and SOP Development Team.
  • Monitored new VA-specific and Federal guidance on cybersecurity and the Risk Management Framework to understand and incorporate it into Authority to Operate processes for Medical and Special Purpose System devices.
  • Collaborated with the internal system steward team to adopt an agile framework featuring three-week sprints to effectively manage all tasks associated with the ongoing ATOs for Medical Devices and Special Purpose Systems.
  • Collected and assessed Enterprise Risk Analysis (ERA) and MOU/ISA documentation for over 300 devices to facilitate the completion of the ATO for designated VA Medical and Special Purpose Systems.
  • Developed Implementation Plans, Test Results, and Standard Operating Procedures (SOPs) for both VA Medical and Special Purpose System ATO packages in accordance with NIST 800-37, for review by VA client leadership.
  • Managed the creation, monitoring, closure, and risk assessment of POA&Ms (Plan of Action and Milestones) as part of Continuous Monitoring, adhering to VA policy, NIST 800-53 and NIST 800-37 standards.
  • Initiated Annual Risk Assessment POA&M workflows for Medical and Special Purpose Device ATO Packages within eMASS Governance Risk and Compliance (GRC) tool.
  • Configured system control inheritance for Medical Device and Special Purpose Device System ATOs via eMASS GRC tool.
  • Conducted multiple interviews with VA stakeholders, including Office of Information Technology personnel and Third-Party Vendor representatives, to evaluate and assess adherence to the VA's specified NIST 800-53 critical controls for Medical Device Systems.
  • Drafted Contingency Plan for VA Special Purpose Device ATO.
  • Collaborated with the Information System Security Officer (ISSO) to secure approval for the Contingency Plan and the Incident Response Plan Tabletop Exercise presentation slides for the VA Medical Systems ATO package.
  • Created and obtained approval for the Privacy Threshold Analysis and Privacy Impact Assessment documentation for the initial ATO of the Special Purpose Devices system.
  • Updated the Privacy Threshold Analysis and Privacy Impact Assessment for Medical Devices in response to significant changes as mandated by VA Policy to sustain an ATO for the VA Medical Device Systems.
  • Conducted a yearly review of ATO documentation, encompassing Standard Operating Procedures (SOPs) and Policy and Procedure documents, for VA Medical Devices using the GRC tool eMASS.
  • Engaged with VA stakeholders to assess the classification of assets related to Medical and Special Purpose Devices.
  • Developed guides to assist the team in managing Action Items issued by the Department of Veterans Affairs.
  • Formulated and executed Splunk queries for the discovery and analysis of Medical Devices within the VA environment.

Technologist/Information System Security Officer

Customer Value Partners
11.2017 - 12.2021

Consultant to Administration for Children and Families (HHS-ACF) (Active Public Trust Clearance)

  • Supervised a team of three Information System Security Officers (ISSO) in the capacity of Team Lead.
  • Performed as Lead ISSO on the Authority to Operate (ATO) for the ACF AWS FedRAMP Cloud Environment.
  • Conducted Security Categorization in accordance with NIST standards, leveraging Privacy Threshold Analysis (PTA) and E-Authentication for systems seeking ATOs.
  • Assessed the effectiveness of Management, Operational, and Technical Security Controls for systems undergoing ATO, adhering to NIST 800-37, NIST 800-53, and NIST 800-53A guidelines.
  • Developed and maintained Assessment and Authorization (A&A) documentation, which encompasses the System Security Plan (SSP), Contingency Plan (ISCP), Incident Response Plan (IRP), and Risk Assessment Reports (RAR).
  • Created, monitored, and resolved Plans of Action and Milestones (POA&Ms) for vulnerabilities identified during Security Control Assessments and Continuous Monitoring of ACF systems.
  • Verified, as part of the Security Control Assessment and Continuous Monitoring, that all incoming, outgoing, and internal communications were encrypted and securely transmitted.
  • Responsible for downloading and analyzing Tenable Nessus intrusion detection and compliance scan logs, facilitating remediation of any vulnerabilities based on the risk level to ACF.
  • Assessed that ACF policies/procedures regarding Security Awareness were in place and satisfied the relevant NIST Security Controls.
  • Reviewed Audit Logs within the timeframe specified by the HHS Chief Information Security Officer (CISO).
  • Evaluated security posture of ACF systems undergoing modifications and enhancements, including any necessary updates to security documentation that may require re-certification of the system.
  • Participated in annual FISMA reporting as required, including A-123 audits and OIG findings.
  • Provided additional support as needed to ISSOs working on individual system ATOs.

Business Systems Analyst II

Beacon Health Options
08.2012 - 11.2017
  • Evaluated existing system designs to solve complex problems, considering system capacity and limitations, operating time, and the form of desired results.
  • Served as Subject Matter Expert for a proprietary system.
  • Participated in design sessions for new and enhanced system development efforts and recommended changes to existing system designs to achieve desired results.
  • Coordinated with cross-functional teams to ensure tasks fell within corporate strategic direction.
  • Documented processes and instructions to identify and resolve problems, and served as Subject Matter Expert for End User Testing and for providing guidance and training to new personnel.
  • Analyzed customer requests for data and collaborated with cross-functional teams to compile cogent reports.
  • Traced specifications from requirements to objectives to ensure functional specifications were properly maintained and updated.

Education

BS - Accounting

Virginia Commonwealth University
Richmond, VA
05.2008

BS - Information Systems

Virginia Commonwealth University
Richmond, VA
05.2008

MS - Information Security and Assurance

George Mason University
Fairfax, VA
05.2017

MBA - Business Administration

North Carolina Central University
Durham, NC
12.2011

Skills

  • Risk Management Framework (RMF)
  • FedRAMP
  • Information Security
  • NIST 800 Series
  • CSAM
  • eMASS
  • Information Security Control Assessments
  • Nessus/Tenable SecurityCenter
  • Cloud Computing
  • SDLC
  • Agile
  • Microsoft Project
  • Microsoft Office
  • Microsoft Visio
  • PL-SQL

Certification

  • Security+ CE, 07/2026
  • Certified Information Security Manager (CISM), ISACA, In Progress, 05/2025
  • AWS Solutions Architect - Associate, 12/01/20, 12/01/23

Personal Information

Work Permit: Authorized to work in the US for any employer

Languages

English
Native or Bilingual
