
Bennie Cleveland
Technology / Internet
Services offered
I provide cybersecurity, technology-risk, and compliance leadership for organizations that need experienced support without hiring full-time staff. My work focuses on strengthening governance, maturing controls, improving audit readiness, and keeping security aligned with the way the business actually operates.
Core Services I Provide
Fractional vCISO Leadership
Set cybersecurity strategy and roadmap
Run governance meetings (Steering Committees, Risk Councils, IR governance)
Develop and track security KPIs/KRIs (MTTD/MTTR, critical vulnerabilities, patch cadence, phishing trends, vendor risks)
Oversee risk reduction initiatives and guide remediation efforts
Partner with technology, privacy, compliance, and executives to embed security into operations
Day-to-Day GRC Support
Governance & Risk Management
Maintain the enterprise risk register and score risks
Update policies, standards, procedures, and control documentation
Perform ongoing risk assessments for systems, vendors, and projects
Conduct Business Impact Analyses (BIAs) and support BCP/DR program updates
Manage exceptions, waivers, and risk acceptance workflows
Compliance Operations
Monitor compliance with frameworks (NIST, ISO, SOC 2, HIPAA, HITRUST, FFIEC, GLBA)
Coordinate evidence collection and documentation for audits
Ensure ongoing alignment with regulatory expectations
Conduct internal compliance reviews and gap analyses
Build compliance dashboards and executive reporting
Third-Party Risk Management (TPRM)
Review and score vendor assessments
Evaluate SOC 1/SOC 2 reports for gaps and red flags
Validate vendor security controls and high-risk service arrangements
Develop corrective action plans with business owners and vendors
Day-to-Day Cybersecurity Support
Identity, Access, and Data Protection
Review access controls (RBAC, least privilege, privileged access)
Validate onboarding/offboarding processes
Support IAM governance reviews and access recertification campaigns
Vulnerability, Patch, and Cloud Security Oversight
Review patching cadence and vulnerability trends
Validate that critical and high-risk vulnerabilities are remediated in a timely manner
Assess cloud configurations (AWS/Azure) for misconfigurations and policy gaps
Incident Response & Operational Support
Update and maintain IR playbooks and runbooks
Provide real-time guidance during incidents (triage, containment, eradication steps)
Facilitate and document tabletop exercises
Deliver post-incident reports and lessons learned
Audit Services (Internal, External & Regulatory)
Cyber & IT Audit Execution
Plan, execute, and report on cybersecurity, ITGC, privacy, and cloud audits
Perform control testing (design and operating effectiveness)
Validate evidence, walk through processes, and document test results
Evaluate processes against NIST, ISO, HIPAA, SOC 2, FFIEC, SOX, and other frameworks
Identify control gaps, root causes, and practical remediation steps
Prepare management action plans and follow-up testing
Conduct pre-audit readiness assessments and mock audits
Audit Advisory & Remediation
Support audit responses, corrective action plans, and closure validation
Build audit trackers, remediation dashboards, and leadership reporting
Coach process owners on control requirements and evidence expectations
Additional Services
AI Governance development (NIST AI RMF, ISO 42001)
Security program maturity benchmarking
Executive cyber briefings, board materials, and risk summaries
Policy and documentation development (SecOps, DR/BCP, access, data protection, IR, privacy)
Experience
I’m a cybersecurity and technology-risk leader with 20+ years of experience strengthening security programs, maturing GRC capabilities, and delivering audit-ready compliance across financial services, healthcare, SaaS, and other regulated industries. I’ve served as a fractional vCISO, IT auditor, and compliance consultant supporting HIPAA, SOC 2, ISO 27001, NIST, and GLBA/FFIEC requirements. My work spans governance, risk assessments, policy development, incident response, third-party risk, cloud security oversight, and full lifecycle IT/cyber audits. I help organizations reduce risk, meet regulatory expectations, and build security programs that operate the way the business runs.
Education
I hold a Bachelor’s degree in Information Science and Systems and a Master’s Certification in Information Assurance, providing a strong academic foundation in secure system design, risk management, and information governance. This education is reinforced by advanced professional training across cybersecurity, IT audit, compliance, and data protection frameworks such as NIST, ISO 27001, SOC 2, HIPAA, and emerging AI governance standards. Together, these studies enable me to deliver mature, audit-ready security and compliance programs for organizations in regulated environments.