
robertwiley-grc #36

@robertwiley-grc

---
name: "Robert E. Wiley Jr."
github: "robertwiley-grc"
specializations:
  - "Risk Management"
  - "Security Governance"
  - "Third-Party Risk"
  - "FAIR"
  - "ISO 27001 Lead Auditor"
  - "ISO 42001 Lead Auditor"
  - "AWS Cloud Audit"
  - "GRC Engineering"
  - "NIST SP 800-171"
title: "GRC Mission Assurance Architect"
frameworks:
  - "CJIS"
  - "CMMC"
  - "FedRAMP"
  - "GovRAMP"
  - "IRS Pub 1075"
  - "ISO 27001"
  - "ISO 42001"
  - "NIST 800-53"
  - "NIST 800-171"
  - "NIST AI RMF"
  - "NIST CSF"
  - "NIST RMF"
  - "StateRAMP"
languages:
  - "Python"
certifications:
  - "Lead CCA"
  - "CySA+"
  - "AWS Cloud Audit"
  - "ISO/IEC 27001"
  - "ISO/IEC 42001"
available_for:
  - "mentoring"
  - "speaking"
  - "freelance"
  - "collaboration"
projects:
  - name: "Dissertation"
    description: "Designed structured evidence validation approaches to reduce reliance on manual artifact review, improving consistency, traceability, and assessment efficiency within NIST SP 800-171 and CMMC environments."
  - name: "Governance Mapping"
    description: "Developed governance mapping structures linking controls, evidence, and assessment logic to support scalable GRC engineering practices."
---

## About Me

I am a cybersecurity GRC professional with over two decades of leadership experience, including 21 years in the United States Air Force, where I developed a strong foundation in mission assurance, operational discipline, and risk-based decision making. After transitioning into cybersecurity, I have focused on governance, risk, and compliance, with hands-on experience supporting regulatory and financial environments and conducting assessments aligned to federal standards.

My current work centers on NIST SP 800-171 and CMMC, where I serve as a Lead Certified CMMC Assessor (CCA). I am actively involved in assessing organizations, designing evidence strategies, and helping bridge the gap between compliance requirements and real-world implementation. I have also worked across audit and assurance functions, third-party risk management, and cloud compliance, with a focus on improving how organizations demonstrate and sustain compliance over time.

I am particularly interested in advancing structured approaches to GRC engineering, especially in how controls, evidence, and assessment logic can be better aligned to improve consistency and reduce ambiguity. My focus is on moving beyond checkbox compliance toward more scalable and defensible governance models that support both operational effectiveness and regulatory expectations.

I am passionate about contributing to communities like the GRC Engineering Club, where practitioners can collaborate on building more practical, structured, and forward-looking approaches to governance, risk, and compliance.

## Experience Highlights

- Lead CCA with experience conducting 70 NIST SP 800-171 and CMMC assessments
- 21 years of leadership experience in the United States Air Force, focused on mission assurance and operational risk management
- Experience supporting regulatory and financial environments, including work with state-level financial oversight
- Designed structured evidence validation approaches to improve consistency and traceability in GRC assessments
- Expertise in audit and assurance, third-party risk management (TPRM), and security governance
- Experience aligning compliance requirements with operational implementation across enterprise environments
- Exposure to cloud compliance and security assessment practices within AWS environments
- Focused on advancing GRC engineering practices and scalable governance models

## Get in Touch

robert.wiley@pnw360cyber.com
