GRC Executive & CISO

Enterprise Governance • Risk Management • Compliance & Assurance

Fortune 500-ready security executive with 10+ years driving governance, risk, and compliance programs across $1B+ enterprises. Expert in SOX ITGC, SOC 2, ISO 27001, regulatory compliance, board reporting, and third-party risk management. Proven track record preventing $5M+ in penalties and leading cross-functional teams of 25+ professionals.

TS/SCI Cleared • CISM • MBA • SOX • SOC 2 • ISO 27001 • NIST CSF • COSO ERM

Enterprise Impact

Delivering measurable risk reduction and operational excellence.

$5M+: Regulatory Penalties Prevented
50%: Audit Findings Reduction
$1B+: Enterprise Programs Secured
Zero: Compliance Violations (2-Yr)

GRC Leadership Capabilities

Enterprise governance, risk management, and compliance assurance at scale.

Governance & Board Reporting

Enterprise security governance frameworks, board and audit committee reporting, risk appetite statements, KRI dashboards, and executive-level cybersecurity strategy alignment.

Enterprise Risk Management

COSO ERM, NIST CSF, and FAIR-based risk quantification. Risk registers, issue management, remediation governance, and business-aligned risk prioritization frameworks.

Compliance & Assurance

SOX 404 ITGC, SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, GDPR/CCPA, NYDFS 500. Controls testing, continuous monitoring, and regulatory exam readiness.

Third-Party Risk Management

TPRM program development, vendor risk assessments, SIG questionnaires, supply chain security, contractual controls, and M&A cybersecurity due diligence.

Cloud & DevSecOps Governance

Cloud controls (AWS/Azure), CIS Benchmarks, zero trust architecture, DevSecOps governance, SBOM, and software supply chain risk management.

GRC Automation & Platforms

Enterprise GRC platform implementation (ServiceNow GRC, Archer), continuous control monitoring, evidence automation, and risk/compliance reporting dashboards.

Technical & Framework Expertise

Deep proficiency across governance, risk, and compliance domains.

Governance Frameworks

NIST CSF / COSO ERM: Expert
COBIT / ISO 27001: Expert
Board & Executive Reporting: Expert
Risk Appetite & KRIs: Expert

Compliance & Audit

SOX 404 ITGC: Expert
SOC 2 / ISO 27001: Expert
HIPAA / PCI DSS: Expert
GDPR / CCPA Privacy: Advanced

Risk & Operations

Third-Party Risk (TPRM): Expert
Incident Response Governance: Expert
FAIR Risk Quantification: Advanced
GRC Platforms (ServiceNow/Archer): Advanced

GRC Leadership Experience: SOX, SOC 2, ISO 27001, TPRM

Progressive leadership delivering enterprise governance, risk management, and compliance excellence.

NextGen Data Systems
Senior Information Systems Security Engineer - GRC Program Lead
-
  • Direct enterprise GRC program for $1B+ Navy digital transformation securing 500,000+ users and 3M+ devices across global operations
  • Lead cross-functional governance team of 25+ security engineers, compliance analysts, and auditors implementing NIST CSF and continuous control monitoring
  • Establish automated compliance monitoring platform reducing manual testing by 30% and accelerating SOX ITGC cycles by 6 weeks
  • Remediate 40% of risk register backlog in 6 months through COSO ERM-aligned prioritization framework and executive risk committee governance
  • Present quarterly cybersecurity risk dashboards to senior leadership (Flag Officers, SES), translating technical risks into business impact and board-ready KRIs
Baptist Health
Cybersecurity & Disaster Recovery Manager - GRC Lead
-
  • Build enterprise GRC program for 8-hospital system protecting 1M+ patients and 30,000 employees, achieving SOC 2 Type II readiness and ISO 27001 alignment
  • Develop 25+ HIPAA privacy and PCI DSS compliance policies reducing audit findings by 50% and maintaining zero regulatory violations across 2-year audit cycle
  • Establish third-party risk management (TPRM) program for 15+ critical vendors, negotiating remediation agreements that prevented $5M+ in OCR penalties
  • Design integrated GRC framework spanning HIPAA Privacy Rule, PCI DSS v4.0, NIST CSF, and state breach notification laws, streamlining compliance efforts by 40%
  • Lead enterprise business continuity and disaster recovery governance, conducting tabletop exercises and achieving 99.9% availability across all clinical systems
Janus Research Group
Information Systems Security Officer - Compliance Lead
-
  • Achieve successful regulatory examination and ATO renewal for mission-critical Army systems under evolving DoD cybersecurity requirements
  • Execute operational risk assessment identifying system recategorization opportunities, reducing annual compliance costs by $300K+ through strategic control optimization
  • Lead compliance assurance for 10+ federal systems securing full authorization through NIST 800-53 control implementation and continuous monitoring program
  • Develop compliance training program for security analysts, reducing external consultant dependency and building internal RMF/GRC capability
U.S. Air Force National Guard
Cyber Defense Operations Lead (E-7) - TS/SCI
-
  • Lead 20-member cybersecurity team protecting classified networks supporting U.S. Air Forces in Europe, ensuring mission readiness under TS/SCI clearance
  • Command joint cyber defense exercise across 5 partner units, achieving 98% threat detection rate and strengthening multi-agency incident response protocols
  • Transform unit training program resulting in 25% improvement in inspection scores and recognition as top-performing cyber squadron in region
  • Maintain 99.9% uptime for mission-critical SCI systems supporting 24/7 operations, implementing proactive maintenance and threat monitoring protocols

Credentials

Industry-recognized certifications and advanced degrees.

CISM: Certified Information Security Manager
MBA: Master of Business Administration
Sec+: CompTIA Security+ CE
CCA: Certified CMMC Assessor
CISSP: In Progress, (ISC)²

Let's Connect

Available for senior security leadership opportunities.