Cybersecurity GRC Leader with 15+ Years Experience

William L. Wells

**** ******* *****, ******, **, 52302 319-***-****

********@*******.*** https://linkedin.com/in/wlloydwells PROFESSIONAL SUMMARY

Cybersecurity Governance, Risk, and Compliance (GRC) leader with 15+ years of experience building and scaling enterprise governance programs, regulatory compliance initiatives, and risk oversight functions across global organizations in education technology, financial services, and manufacturing.

Proven track record of operationalizing control frameworks, expanding audit programs at scale, maturing third-party risk management capabilities, and strengthening enterprise risk visibility for senior and executive leadership for use in board-level presentations. Adept at translating regulatory and control requirements into practical, business-aligned governance processes that support growth, cloud adoption, and M&A activity. Experienced in multi-cloud environments and recognized for maintaining auditor independence while delivering clear, actionable risk guidance that balances security, compliance, and operational objectives.

CORE COMPETENCIES

• Cybersecurity Governance

• Enterprise Risk Management

• Regulatory Compliance

• NIST Cybersecurity Framework

(NIST CSF)

• ISO/IEC 27001

• SOC 2 Type I and II

• PCI-DSS

• FedRAMP Moderate

• Third-Party Risk Management

(TPRM)

• IT General Controls (ITGC)

• SOX Compliance

• HIPAA

• GLBA

• FERPA

• Security Policy Development

• Executive Risk Reporting

• Incident Response Governance

• Business Continuity and Disaster Recovery

• Multi-Cloud Governance (AWS, Azure, GCP)

• Familiar with GRC Platforms (RSA Archer,

OneTrust, ServiceNow)

• Cross-Functional Leadership (Teams of 3–7)

PROFESSIONAL EXPERIENCE

NCS Pearson, Inc. – Pearson, Plc London, England, UK 2017 – 2026 Cybersecurity Governance Manager

• Led global cybersecurity governance program aligned to NIST CSF, ISO 27001, FedRAMP Moderate, PCI-DSS, HIPAA, GLBA, FERPA, and 21 CFR Part 11.

• Directed expansion of SOC 2 program from 3 SOC 2 Type I reports to more than 30 concurrent SOC 2 Type II audits annually.

• Led enterprise NIST CSF assessments.

• Led enterprise cybersecurity policy creation, publication, and management.

• Built and matured scalable third-party risk management (TPRM) program.

• Familiar with RSA Archer, OneTrust, and ServiceNow.

• Supported multiple FedRAMP Moderate initiatives and advised on continuous monitoring controls.

• Conducted M&A cybersecurity governance reviews and contract security assessments.

• Reported to Vice Presidents of Cybersecurity and presented enterprise risk posture metrics to executive stakeholders.

• Led governance teams of 3–7 professionals while maintaining segregation of duties. Transamerica, Inc. Cedar Rapids, IA, USA 2007 – 2016 Division Information Security Manager

• Led design and implementation of PCI-DSS compliance initiative and validation activities for enterprise e-commerce platforms.

• Managed regulatory alignment for HIPAA, SEC, FINRA, and state and federal privacy requirements.

• Designed and implemented scalable third-party risk management framework.

• Led enterprise risk assessments aligned to NIST and compliant with SEC, HIPAA, and FINRA requirements.

• Developed executive-level cybersecurity risk reporting and remediation tracking processes.

• Managed information security personnel and partnered with executive leadership on risk mitigation.

3M Company St. Paul, MN, USA 1989 – 2007

Audit Specialist

• Led global IT audits including SOX IT General Controls and enterprise security assessments.

• Authored enterprise-level SOX embedded control documentation aligned with PCAOB requirements.

• Developed standardized audit programs for SDLC, application security, and infrastructure controls.

• Established incident response and business continuity governance processes. CERTIFICATIONS

CISSP — Certified Information Systems Security Professional 2008 – 2025 CISM — Certified Information Security Manager 2009 – 2021 CISA — Certified Information Systems Auditor 2006 – 2021 CRISC — Certified in Risk and Information Systems Control 2011 – 2021 CIPT — Certified Information Privacy Technologist 2011 – 2020 AWS Certified Solutions Architect – Associate 2019 EDUCATION

Master of Fine Arts in Creative Writing Full Sail University 2014 Master of Science in IT Information Assurance and Security Capella University 2012 Bachelor of Arts in Writing Minor in Metropolitan State University 2006 Associate of Arts Clinton Community College 1992 Associate in Design and Drafting Technology Morrison Institute of Technology 1984

Contact this candidate