SHELIA B BROWN, PMP, CISM, CCISO, CASP
FEDERAL CLEARANCE ELIGIBLE ISSM / ISSO / GRC LEADER
Active Department of Energy (DoE) Q Clearance
Greenville, SC 864-***-**** ******.*********@*****.***
EXECUTIVE SUMMARY
Cybersecurity executive and senior Information Assurance leader with over 26 years of progressively responsible experience leading enterprise security programs across the Department of Energy (DOE), Department of Defense (DoD), Defense Health Agency (DHA), healthcare systems, and large federal contractors. Proven expert in NIST RMF implementation, GRC governance, continuous monitoring operations, cloud security oversight, and CMMC readiness validation. Trusted advisor to executive leadership and Authorizing Officials supporting ATO decisions, enterprise risk reduction, and regulatory compliance across high-complexity environments. Recognized for strengthening security posture, streamlining accreditation pipelines, and leading high-performing engineering and compliance teams across classified and unclassified infrastructures.
CORE COMPETENCIES
GRC & Compliance Leadership
RMF Lifecycle & eMASS
ATO Authorization & Continuous Monitoring (ConMon)
NIST SP 800-53 Rev 5 / NIST 800-171 / CSF
CMMC 2.0 Readiness & Mapping (L1–L2)
Cloud & SaaS Boundary Security (Azure/AWS/GCP)
Enterprise Risk Assessment & POA&M Remediation
IAM / Entra ID RBAC, MFA, Conditional Access
PowerShell Security Validation & Hardening
SIEM / Vulnerability Management / STIG Validation
Executive Reporting & Stakeholder Engagement
PROFESSIONAL EXPERIENCE
INFORMATION SYSTEM SECURITY MANAGER (ISSM)
Delaware Nation Industries – Savannah River Site (Remote) Dec 2024 – Dec 2025
Served as principal cybersecurity advisor to DOE leadership, providing executive oversight of General Support Systems, SaaS platforms, and cloud security boundaries aligned to DOE directives and NIST RMF requirements.
Directed enterprise system authorization activities and risk posture management, delivering formal risk recommendations to the Authorization Body (AB) influencing ATO decisions.
Led cross-boundary risk oversight ensuring secure interconnections across mission systems preserving confidentiality, integrity, and availability of DOE assets.
Evaluated enterprise control effectiveness across multiple accreditation packages, strengthening continuous monitoring programs and control testing cadence.
Partnered with DOE HQ & NNSA to align organizational cybersecurity strategy with national security priorities.
Provided C3PAO readiness advisory support, validating evidence, reviewing control artifacts, and leading mock assessments to strengthen compliance posture.
Oversaw implementation and compliance validation of secure file-sharing and collaboration capabilities within Microsoft GCC High environments, supporting federal mission programs and protecting controlled unclassified information (CUI).
SENIOR CYBERSECURITY ANALYST / GRC LEAD
Delaware Nation Industries (Remote) Feb 2023 – Dec 2024
Directed enterprise GRC and RMF operations across multiple DOE systems, overseeing implementation of NIST SP 800-53 Rev 5 controls.
Conducted enterprise risk assessments identifying security deficiencies, developing remediation strategies, and managing POA&Ms to closure.
Supported ATO package development and annual security assessments through artifact validation, SSP/SAR/SAP documentation, and continuous monitoring reporting.
Led STIG validation, vulnerability scanning review, and audit evidence management to maintain accreditation.
Reviewed IAM configurations, RBAC assignments, MFA enforcement, and conditional access policies supporting compliance validation.
SENIOR SECURITY ARCHITECT
SunPlus Data Group – Columbia, SC Feb 2022 – Feb 2023
Led a team of 4 security engineers architecting enterprise security programs resulting in an 80% reduction in security incidents.
Implemented SIEM platforms improving real-time detection and incident response effectiveness.
Designed security architecture frameworks aligned to ISO 27001 & NIST CSF.
Established secure SDLC integration improving early vulnerability detection.
Led vendor risk evaluations and third-party security assessments.
Guided adoption of multi-cloud security best practices (AWS, Azure, GCP).
SENIOR CYBERSECURITY ARCHITECT / IAM LEAD
Sabel Solutions (Remote) Jun 2021 – Jan 2022
Delivered tailored security architecture solutions across healthcare, e-commerce, and financial sector clients ensuring full regulatory compliance.
Led enterprise IAM modernization including Entra ID / Azure AD migrations, RBAC, MFA deployment, and Zero Trust enforcement.
Automated privileged access reviews and stale account discovery via PowerShell security reporting tied to on-prem and cloud IAM platforms.
IV&V SENIOR CYBERSECURITY ANALYST
KBRWyle – Defense Health Agency (Remote) Mar 2017 – Apr 2021
Conducted Independent Verification & Validation (IV&V) across multi-million-dollar DHA programs.
Assessed RMF controls against NIST 800-53 and DISA STIG/SRG, producing compliance gap analyses and remediation guidance.
Served as primary IAM Validator, evaluating RBAC assignments, MFA enforcement, conditional access policy compliance, and privileged account controls.
Performed in-depth PowerShell security assessments validating:
- Script signing enforcement (AllSigned/RemoteSigned)
- Module sourcing restrictions
- Script Block/Module logging & transcription
- AMSI integration
- EDR telemetry visibility
Applied CMMC 2.0 alignment mapping between 800-53 Rev 5 and 800-171 controls supporting Level 1 & Level 2 readiness initiatives and development of SSPs, POA&Ms, and control traceability matrices.
Managed and supported secure collaboration and document sharing within Microsoft GCC High / Government Community Cloud High environments, ensuring compliance with FedRAMP High, NIST SP 800-53, and DOE cybersecurity requirements.
(Earlier Information Assurance leadership roles across TATCS, Sentar, Meridian Technologies, Parsons, Booz Allen, Verizon, DoD PEO EIS, and the U.S. Army are retained but condensed for ATS efficiency. These roles collectively demonstrate 10+ years of C&A/DIACAP leadership, FedRAMP engagement, training development programs, vulnerability management, and enterprise compliance leadership.)
EDUCATION:
Capella University, BS of Science of IT, Information Assurance and Cyber Security
CERTIFICATIONS:
Project Management Professional (PMP)
Certified Information Security Manager (CISM)
Certified Chief Information Security Officer (CCISO)
CompTIA Advanced Security Practitioner (CASP+)
CompTIA Security+
Information System Security Officer (ISSO)
Information Assurance Security Officer (IASO)
MEMBERSHIPS:
ISACA
Project Management Institute (PMI)