Information Systems Security Manager | APJ Enterprise LLC
CISM | CEH | Security+ | ITIL v3 | FedRAMP | NIST RMF | Microsoft 365 Security | AI Governance
I'm a federal cybersecurity professional based in Stafford, Virginia, leading Governance, Risk, and Compliance (GRC) initiatives that align with FedRAMP Moderate, NIST SP 800-53 Rev. 5, and DoD RMF requirements.
At Marine Corps University, I've overseen security operations and modernization efforts, including the migration from CrowdStrike Falcon to Microsoft Defender, continuous monitoring across Azure and .edu networks, and maintaining enterprise Authority to Operate (ATO) compliance.
Now, through APJ Enterprise LLC, I'm building a hands-on GRC and AI Compliance Lab to bridge federal frameworks with modern Microsoft security and AI governance practices.
- Governance, Risk & Compliance (GRC): FedRAMP Moderate, RMF, NIST 800-53/171, CMMC readiness
- Security Operations: Continuous Monitoring, Incident Response, ACAS/Tenable, Microsoft Defender Suite
- Cloud & Identity: Microsoft 365 E5, Azure AD / Entra ID, Intune, Purview, Conditional Access, MFA
- AI & Data Governance: NIST AI RMF, ISO/IEC 42001, Responsible AI policies, AI risk assessment templates
- Documentation & Auditing: SSPs, SARs, POA&Ms, MOUs/MOAs, DADMS/DITPR registration, and compliance evidence
- Leadership & Mentoring: Translating complex compliance controls into actionable, sustainable processes
Explore my GRC + AI Compliance Portfolio, which demonstrates hands-on documentation, control mapping, and policy authorship aligned to federal and emerging AI standards.
| Section | Description |
|---|---|
| Risk Register | Risk catalog and scoring aligned with NIST SP 800-30 |
| Vendor Security Questionnaire | Supplier assessment based on NIST SR and FedRAMP SA-9 |
| Security Policies | Password, Access Management, and Acceptable Use |
| Incident Response | Response lifecycle, logging, and reporting templates |
| Continuous Monitoring | Metrics, POA&M tracking, and monitoring cadence |
| Data Classification | CUI and PII data handling framework |
| Vulnerability Management | Patch validation checklist and risk reduction workflow |
| AI Compliance | NIST AI RMF-aligned governance, bias testing, and accountability tables |
- AI Governance & Risk Management: Applying NIST AI RMF to enterprise compliance programs
- Microsoft Security Automation: Building detection and compliance dashboards across Defender, Sentinel, and Purview
- GRC Modernization: Automating POA&M workflows and FedRAMP evidence generation
- Professional Development: Pursuing SC-300, SC-401, and AI-900 certifications
Email: [email protected]
Portfolio: jjordan1983.github.io/grc_portfolio
LinkedIn: linkedin.com/in/jeanette-jordan
GitHub: github.com/JJordan1983
"Compliance is not paperwork - it's assurance. True governance lives in the systems we build, not just the controls we write."
- Jeanette Jordan