Dr. Benedette Ntinglet

Experienced information system security professional with more than ten (10) years of comprehensive IT Security leadership and support experience.

Provide organizational, legal, and Information Technology guidance to both public and private sector organizations by developing and improving organizational capabilities such as contracts, policies, SOPs, and other business documents and processes throughout NOAA, NIH, FCC and Peace Corps.

Additional 10 years’ experience performing functional and administrative task in the healthcare industry supporting private sector facilities in organizational reformation serving as a SME for healthcare and medical industry practices and operational procedures.

Perform compliance assessments of functional and technical documentation such as System Security Plan, Incident Response Plan, Disaster Recovery Plan, Software Licensing Agreement, Interconnection Security Agreement, SaaS/PaaS Agreements, Client Data Protection Policy, Cloud Data Privacy Policy to ensure Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), National Institute of Standards and Technology (NIST) and Federal Information Security Modernization Act (FISMA) compliance.

Provides expertise with developing, maintaining and managing Security Authorizations and Assessments packages. Develop and document all required artifacts for SA & A package.
• Updates SA& A documentation and artifacts on a regular basis (e.g. annually, after approved change).
• Has the capability in developing and managing Corrective Action Process (CAP) for Plans of Action & Milestones (POA&M’s).
• Has determined the baseline IT Security requirements for IT Systems using CSAM and tailor security controls as appropriate, identifying system boundaries, determining information categories, assisting with FIPS-199 based upon the particular system.
• Has document system’s risk assessment per client directives and requirements.
• Has been documenting security control implementation in the system’s Security Plan using the Library’s Information Assurance (IA) tool (CSAM and NSAT).
• Has implemented security controls based on IT System FIPS categorization of all the system within our organization.
• Has conducted SA & A activities sand tasks and obtain Authorization to Operate (ATO) in line with NIST and client guidance and directives at Peace Corps.
• Has the capability in developing and Plans of Action & Milestones (POA& M’s) management guide as developing and maintaining Plan of Actions and Milestones (POA & Ms) for IT systems.
• Collecting and submitting SA & A packages for Information Assurance (IA) security and control assessor (SCA) review an assessment.
• Has ensured users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and she is familiar with internal security practices before access to the IT System.