William Shively

Cybersecurity GRC and ISSO professional with 9+ years of experience supporting information security compliance, risk management, security control assessment, and audit readiness across federal, cloud, and enterprise environments. Experienced in NIST RMF, NIST 800-53, POA&M management, continuous monitoring, vulnerability management, risk assessments, SSP/SAP/SAR documentation, and compliance programs involving PCI, SOX, FedRAMP, and FISMA. Skilled at translating technical security requirements into clear documentation, remediation plans, and executive-ready risk reporting. CISSP and Security+ certified, with hands-on experience across Azure, AWS, Splunk, Microsoft Sentinel, Nessus/ACAS, Qualys, Xacta, eMASS, ServiceNow, STIGs, and SCAP. Seeking remote GRC, information security compliance, third-party risk, security analyst, or ISSO roles where I can help organizations strengthen governance, reduce risk, and maintain audit-ready security programs.