Shawn Harris

Powder Springs, GA

Summary

Senior GRC analyst with extensive experience at Raytheon, successfully enhancing compliance programs and achieving a 25% reduction in security risks. Proficient in risk assessment and third-party management, with a strong focus on stakeholder collaboration and program development. Expertise in NIST and ISO 27001 standards drives effective organizational security initiatives.

Overview

16 years of professional experience
1 Certification

Work History

Senior GRC Analyst

Raytheon
01.2022 - 06.2026
  • Risk Management: Managed Third-Party Risk Management program, assessing and mitigating risks across 30+ vendor relationships. Reduced overall security risk by 25% through stakeholder-driven remediation plans.
  • Program Development: Ensured continuous compliance with federal regulations and frameworks (NERC, PCI DSS, ISO 27001), maturing the compliance program over multiple audit cycles.
  • Collaborated with incident response teams to align control testing with real-world threat scenarios, increasing detection and response effectiveness.
  • Led enterprise security awareness training program for 60+ tenants, enhancing compliance with human-factor security controls and governance objectives.

Senior GRC Analyst

Modivcare
11.2020 - 12.2021
  • Program Development: Utilized Risk Lens / FAIR methodology to quantify cybersecurity risk exposure, enabling executive decisions on risk treatment.
  • Governance: Performed governance and compliance control testing against Active Directory and M365 cloud environments.
  • Identified and communicated IT security risks to business stakeholders, initiating tracking of risk treatment plans to prevent incidents.
  • Conducted due diligence and third-party risk assessments, documenting risks in formal registers and facilitating remediation through ServiceNow.

Senior Security Assessor

Fortress Information Security
04.2020 - 11.2020
  • Risk Management: Evaluated vendor security postures within risk management, TVM, and asset management to identify vulnerabilities and enhance security frameworks.
  • Evaluated vendor incident response capabilities during third-party risk assessments.
  • Governance: Managed validation of SIG and A2V vendor questionnaires, ensuring compliance with governance standards and mitigating potential risks.
  • Program Development: Developed and documented test procedures and recommendations to strengthen control design effectiveness for NERC, PCI DSS, and ISO 27001 compliance.

Security Analyst, IT Risk Control

Equifax
Alpharetta, USA
02.2019 - 04.2020
  • Governance: Assessed security controls' design and operational effectiveness for compliance with NIST, ISO, and CIS Top 20 standards.
  • Risk Management: Detected compliance gaps through structured risk assessments and quality assurance reviews.
  • Incident Management: Analyzed CVE-based vulnerabilities and presented patch cycle metrics to director-level leadership, directly informing incident prevention strategies.
  • Program Development: Established continuous monitoring testing function for enhanced oversight of IT security controls.

Security Analyst

Venza
Roswell, USA
06.2017 - 01.2019
  • Incident Management: Executed vulnerability management lifecycle, detecting and mitigating 100+ vulnerabilities monthly via Tenable Nessus. Performed incident response activities using SIEM alerts and PVS data.
  • Developed and implemented enhanced monitoring alerts for endpoints in collaboration with SOC, improving detection capabilities.
  • Prioritized vulnerabilities by assessing business impact and integrating threat intelligence, ensuring focus on critical risks.
  • Documented incident response procedures and refined policies, strengthening governance and response efficiency.

Information Security Analyst

Kemira Chemicals
Atlanta, USA
01.2013 - 05.2017
  • Incident Management: Performed periodic vulnerability scanning using Qualys and Nmap to support proactive threat detection.
  • Risk Management: Conducted organization-wide risk assessments and QA reviews, identifying gaps in policies and procedures to enhance security posture.
  • Program Development: Assisted in implementation of company-wide Identity and Access Management (IAM) solution, streamlining user access and improving compliance.
  • Coordinated control documentation to ensure internal audit readiness.

Information Security Specialist

Qspex Technologies
Alpharetta, USA
01.2010 - 01.2013
  • Risk Management: Contributed to risk assessment processes, identifying potential vulnerabilities.
  • Governance: Assisted in foundational GRC activities, ensuring effective policy compliance reviews.
  • Program Development: Aided in establishing security awareness and documentation practices to enhance compliance.

Education

Bachelor of Science (B.S.) - Information Technology, Information Systems Security

University of Phoenix
Atlanta, GA
01-2017

Skills

  • Policy development and control design
  • Audit management and testing
  • Risk assessment and reporting
  • Third-party risk management
  • NIST compliance
  • ISO 27001 standards
  • PCI DSS adherence
  • CIS Top 20 framework
  • Federal regulations knowledge
  • ServiceNow GRC expertise
  • RSA Archer proficiency
  • JIRA project management
  • Confluence documentation skills
  • Risk Lens analysis
  • Security Scorecard evaluation
  • Qualys vulnerability management
  • Tenable security assessments
  • Proofpoint email security solutions
  • SharePoint collaboration tools

Certification

CISM (Certified Information Security Manager), ISACA, Pending Endorsement

Security Clearance

Active TS/SCI Clearance

Core Competencies

Policy Development, Control Design & Testing, Audit Management, SIG & A2V Reviews, Enterprise Risk Assessment, Third-Party Risk (TPRM), FAIR Methodology, Risk Reporting, NIST, ISO 27001, PCI DSS, NERC, CIS Top 20, Federal Regulations, ServiceNow GRC, RSA Archer, Jira, Confluence, Risk Lens, Security Scorecard, Qualys, Tenable, Proofpoint, SharePoint
