Skip to main content
HimalayasHimalayas logo
XD
Open to opportunities

Xavier Dobey

@xavierdobey

GRC and cybersecurity compliance consultant specializing in risk assessments, ATO readiness, and vulnerability remediation for federal systems.

United States
Message

What I'm looking for

I’m looking for a GRC role where I can lead FISMA/FedRAMP-aligned assessments, translate NIST requirements into actionable controls, and improve audit readiness and risk visibility using dashboards and automation.

I’m a Governance, Risk, and Compliance (GRC) consultant and advisor with multiple years of experience leading cybersecurity assessments, risk management initiatives, compliance programs, vulnerability management, and security advisory services across highly regulated federal environments. I validate success by evaluating security controls, developing policies and procedures, advancing audit readiness, and advising stakeholders on practical, business-aligned risk mitigation strategies.

In recent roles, I led enterprise-level risk assessments and vulnerability analyses that reduced overall system risk exposure by ~30%, and I directed ATO lifecycle activities (SSP development, control validation, and POA&M management) to reduce ATO processing timelines by 20–25% through workflow optimization. I also build executive-ready risk dashboards (e.g., Power BI) and delivered outcomes like zero major findings across multiple FISMA and FedRAMP reviews.

Experience

Work history, roles, and key accomplishments

Centers for Disease Control and Prevention logoCP
Current

Senior GRC Specialist

Centers for Disease Control and Prevention

Sep 2023 - Present (2 years 9 months)

Serves as the primary security steward for five federal information systems, advising system owners on FISMA, NIST 800-53, and FedRAMP control implementation decisions. Led enterprise risk assessments and ATO lifecycle activities, reducing overall system risk exposure by ~30% and cutting ATO processing timelines by 20–25% through workflow optimization and improved reporting.

FISMANIST 800 53FedRAMPPOA&M ManagementATO Lifecycle (SSP Controls Validation)Risk Assessment
FE

GRC Consultant

FedEx

Jul 2025 - Jul 2026 (1 year)

Evaluated and implemented 100+ security controls, strengthening compliance posture and reducing control deficiencies across enterprise systems. Built Power BI risk-register dashboards with automated refreshes, reducing reporting time from days to hours and improving executive visibility through 25+ assessment reports and briefings.

NIST CSFNIST 800 53FedRAMPSecurity Control AssessmentVulnerability AnalysisCompliance DocumentationPower BIExecutive Reporting
Maximus logoMA

Compliance and Privacy Analyst

Maximus

May 2020 - Sep 2023 (3 years 4 months)

Conducted 50+ risk assessments and third-party security evaluations, reducing vendor-related risk exposure by ~20% prior to onboarding. Completed PIAs/PTAs for 100% compliance, supported vulnerability scanning and remediation reaching 98% SLAs, and built risk dashboards that reduced stakeholder review time by 15–25%.

Privacy Threshold Analyses (PTA)Third Party Risk ManagementSecurity Compliance
Northrop Grumman logoNG

CAD Design Engineer

Northrop Grumman

Nov 2013 - May 2020 (6 years 6 months)

Led cross-functional design projects by coordinating multiple engineering disciplines to meet federal standards and deadlines, improving team efficiency and reducing project delays. Served as project lead, supported secure-environment design efforts, and mentored junior team members to improve the quality and consistency of deliverables.

CAD DesignEngineering Project ManagementCross functional CoordinationFederal Program SupportTechnical DocumentationSecure Environment Design SupportMentorship

Education

Degrees, certifications, and relevant coursework

Keller Graduate School of Management logoKM

Keller Graduate School of Management

Master of Information Technology Management, Information Security

Earned a Master of Information Technology Management with a concentration in Information Security.

DeVry University logoDU

DeVry University

Bachelor of Science, Computer Information Systems

Earned a Bachelor of Science in Computer Information Systems with a focus on Cybersecurity Programming.

Gwinnett Tech logoGT

Gwinnett Tech

Associate degree, Drafting and Design

Earned an associate degree in Drafting and Design.

Tech stack

Software and tools used professionally

Gmail logo

Gmail

Jira logo

Jira

ServiceNow logo

ServiceNow

Evidence logo

Evidence

Availability

Open to opportunities

Location

United States

Authorized to work in

United States

Job categories

GRC ConsultantSecurity Compliance AnalystCyber Risk AnalysisVulnerability Management SpecialistPrivacy Compliance AnalystGRC ConsultingSenior GRC ConsultantGRC AdvisoryGRC Specialist

Skills

Enterprise Risk ManagementVulnerability AnalysisPolicy DevelopmentSecurity Advisory ServicesCompliance AssessmentsIncident ResponseMonitoringPOA&M ReportingSecurity Design ReviewsBusiness ContinuityNIST CSFNIST 800 53ISO 27001FedRAMPFISMAHIPAAThird Party Risk ManagementRisk AssessmentATO LifecycleSecurity Documentation FrameworkExecutive ReportingServiceNowArcherPower BIJiraConfluenceSharePointSOCEvidenceGmail

Interested in hiring Xavier?

You can contact Xavier and 90k+ other talented remote workers on Himalayas.

Message Xavier

People also viewed

View all talent

Find your dream job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan