Open to opportunities

Timothy Terrance

@timothyterrance

Message

Senior Information Security GRC Program Manager driving automated, risk-based compliance.

United States

Message

What I'm looking for

I seek senior roles leading GRC and security automation where I can modernize compliance, reduce remediation cycles, and align security with engineering and mission goals.

I am a U.S. Air Force veteran and GIAC-certified information security professional with 13+ years of experience across DoD, the Intelligence Community, and enterprise environments. I specialize in managing end-to-end GRC programs, policy lifecycle management, third-party risk, and POA&M lifecycle tracking.

I bring deep hands-on experience with NIST RMF / 800-53 control testing, SOC 2 audit evidence coordination, and vulnerability translation from Splunk, Tenable, and Nessus into prioritized remediation roadmaps. I build GRC automation workflows using Python and PowerShell to streamline evidence collection, control testing, and compliance reporting.

I communicate risk to technical and executive stakeholders, apply MITRE ATT&CK and OWASP LLM Top 10 for adversary-informed control decisions, and modernize compliance operations through AI/ML governance and tooling. I hold an active DoD security clearance and multiple certifications including GCIH, GSEC, CompTIA CySA+, Security+, and PenTest+.

Experience

Work history, roles, and key accomplishments

Current

Senior Cybersecurity Engineer

Current

General Dynamics IT

Nov 2025 - Present (4 months)

Owned NIST RMF 800-53/800-37 control embedding and POA&M lifecycle management, accelerating ATO timelines and reducing compliance rework through automated evidence collection and prioritized remediation roadmaps.

NIST RMF Splunk Python PowerShell AI ML Security

ISSO / Cyber Threat Analyst

Parsons

Jun 2023 - Oct 2025 (2 years 4 months)

Maintained SSPs and led full POA&M lifecycle in ServiceNow, applied MITRE ATT&CK for control gap analyses, and delivered executive risk reporting to authorizing officials to support ATO and continuous monitoring.

SSP Trellix HBSS Monitoring

Digital Network Analyst

Parsons

Jan 2022 - Oct 2022 (9 months)

Executed behavioral analysis across adversary targets, producing recommendations that optimized defensive configurations and improved threat coverage and mean time to detection for national security missions.

Threat Modeling Anomaly Detection Cyber Intelligence Defensive Tuning Incident Response Pattern Of Life Analysis

Information Security Liaison

Calhoun International

Jan 2021 - Jan 2022 (1 year)

Served as primary security liaison to the JIOC, managing requirements intake and compliance information sharing to streamline cross-organizational workflows and reduce information latency for mission stakeholders.

Requirements Management Audit Evidence

Cyber Fusion Analyst

BTS Software Solutions

Jul 2019 - Jan 2021 (1 year 6 months)

Applied multi-source intelligence fusion and pattern-of-life assessments to inform threat-informed control decisions and produced 920+ intelligence products enabling near-real-time operational actioning.

Threat Analysis Reporting

Intelligence Analyst — Cyber Fusion

United States Air Force

Oct 2013 - Jul 2019 (5 years 9 months)

Overhauled adversary TTP documentation and automation pipelines, reducing analytical cycle times by 33% and standardizing SOPs adopted across multiple organizations while training junior analysts.

Adversarial TTPs SOP Development Automation Host Based Detection Malware Analysis Training Process Improvement

Education

Degrees, certifications, and relevant coursework

Western Governors University

Bachelor of Science, Cybersecurity & Information Assurance

Completed a Bachelor of Science in Cybersecurity & Information Assurance focusing on applied security controls, risk management, and assurance practices.