Open to opportunities

Jeffrey Threat

@jeffreythreat

Message

Senior cybersecurity & GRC professional translating NIST RMF into actionable cloud risk solutions.

United States

Message

What I'm looking for

I’m seeking to leverage federal-grade security expertise to drive zero-trust architecture initiatives and strengthen GRC program maturity in a remote private sector environment, translating technical risk into business impact for executive decision-making.

Results-driven Senior Cybersecurity & GRC Professional with 10+ years of experience translating NIST Risk Management Framework (RMF) requirements into actionable business solutions. I lead security control assessments and enterprise risk authorization programs across hybrid cloud environments, grounding governance in data-driven vulnerability management and clear stakeholder narratives.

In recent roles, I’ve reduced critical findings by 35% through automated remediation workflows in Xacta GRC, accelerated POA&M timelines by 40%, and supported executive buy-in for $2M+ in security investments. I also built compliance monitoring with ACAS/Tenable—remediating 500+ vulnerabilities—and delivered standardized accreditation documentation that cut audit preparation time by 25%, while mentoring teams to improve RMF execution and productivity.

Experience

Work history, roles, and key accomplishments

Current

Senior Security Control Assessor

Current

Delviom, LLC

Sep 2024 - Present (1 year 9 months)

Led security control assessments and risk authorization programs for U.S. Treasury financial systems, ensuring NIST 800-53 and FISMA compliance across hybrid cloud environments. Reduced critical findings by 35% using automated Xacta GRC workflows and accelerated POA&M remediation timelines by 40%.

NIST 800 53 FISMA Security Control Assessment Risk Authorization POA&M Management Incident Response STAKEHOLDER RISK TRANSLATION

Security Delivery Specialist

Accenture Federal Services

Jan 2022 - Sep 2024 (2 years 8 months)

Served as Information Assurance Lead for DISA Advanced Acquisitions Analytics Dashboard, managing A&A lifecycle activities for DoD enterprise systems processing $50B+ in procurement data. Implemented STIG/SRG compliance monitoring with ACAS/Tenable and remediated 500+ vulnerabilities prior to production deployment.

DISA ACAS Tenable Executive Reporting

Senior Consultant, Cyber Compliance

Booz Allen Hamilton

Aug 2019 - Dec 2021 (2 years 4 months)

Conducted A&A and Authority to Connect (ATC) assessments for Joint Staff Provider and Pentagon enterprise networks supporting 15,000+ users across classified and unclassified environments. Reduced critical infrastructure exposure by 60% by designing risk mitigation strategies and delivered executive risk briefings with quantified impact.

Authority To Connect (ATC)RMF And Assessment Executive Risk Risk Mitigation Security Posture Management EMASS Workflows Classified Unclassified Environments

Security Control Assessor

Oasis Systems (Astrion)

Mar 2018 - Jul 2019 (1 year 4 months)

Executed security assessments for DHS Office of Inspector General and Nuclear Regulatory Commission to support critical infrastructure protection compliance. Validated controls with Xacta, generating automated compliance reports that reduced manual audit time by 50% and drove remediation within 30-day authorization windows.

Security Assessments Compliance Automation DHS NRC Compliance Mitigation Planning Audit & Assurance

Cybersecurity Analyst

ECS Federal

Mar 2015 - Mar 2018 (3 years)

Performed C&A for U.S. Navy Commander Navy Installations Command (CNIC) Public Safety Network, securing 80+ workstations across global installations. Conducted vulnerability assessments using SecurityCenter/Tenable across 1,000+ devices and created accreditation documentation (ConOps, SSPs, DRPs) while establishing SCIF physical security policies with 100% compliance.

Tenable Vulnerability Assessment SSP Security Assessments SCIF Physical Security Policies U.S. Navy CNIC