Frederick Shappee

Experience

• 

  Department of Homeland Security, Office of Inspector General

  Sept 2008 - Apr 2019

  Senior Program Analyst

  Sr. Program Analyst / Auditor with 10 years of experience in conducting program and corporate level internal audits to ensure compliance with Federal directives, regulations and policies.• Experience in performing role as Audit Team Lead responsible for all aspects of conducting program / corporate level internal audits to include planning, facilitating, conducting interviews, collecting facts and data, analysis, identification of key findings, and briefing Sr. Leadership.• Experience guiding IT system and performance internal audits and developing reporting standards.• Experience with conducting extensive analytical research and investigations with IT programs, project performance, risk assessments and physical and logical security reviews.• Experience in conducting risk assessments on key Government initiatives and programs through working with key stakeholders to identify and document risks and develop solutions to mitigate risk.• Excel at communicating audit findings to Sr leadership and recommending solutions.• Experienced in conducting independent reference reviews as part of internal quality control processes.• Experienced in writing investigative reports for congressional and management review.• Experienced with using qualitative and quantitative analysis of information through use of data analytics to support audit findings.• Experienced in conducting 90 day audit reviews to confirm audit recommendations are being followed.• Ability to quickly come up to speed on Federal and Corporate level policies, procedures and management directives necessary to perform required audits and investigations.• Experience facilitating team events to build comradely and increase moral as well as mentor junior level auditors.• Proficient with Microsoft suite of applications, Teammate (PWC product), SharePoint, and Project Tracking System• Dedicated and detail-oriented professional recognized for excellent diagnostic skills and commitment to teamwork. Show less

• 

  Boeing

  Apr 2019 - Mar 2021

  Information Technology Process Analyst, Application Security Administrator

  • Working experience with Security Compliance Deliverables such as Risk Assessment, System Criticality Assessment, Access Control Policy Assessment, Disaster Recovery Planning, and Defense Federal Acquisition Regulation compliance.• Working experience with the Application Vulnerability Assessment process as well as the Vulnerability Mitigation Process• Conduct 180 day assessments and Authored Disaster Recovery Plans (DRP) for 60+ applications • Assessing System Criticality Management Process (SCMP)• Ensuring that application comply with Information Security (IS) requirements for application security compliance activities• Ensuring that applications and their Application Managers (AM), Business System Managers (BSM), and IT Business Partners (ITBP) are identified, engaged, and aware of Information Security software assurance requirements.• Coordinating with the AM to ensure that sufficient information is available to perform needed and appropriate IS engagement and that the AM is aware of re-deployment responsibilities. • Worked with Application Subject Matter experts (SMEs) and Information Security teams to communicate and oversee application assessments and remediation requirements.• Developed and maintain a knowledge of tools and processes used for application assessments and remediation efforts within the scope of responsibility. Show less

• 

  Dell Technologies

  Apr 2021 - Feb 2024

  I was responsible for driving the operational execution of Dell’s Cybersecurity Policy & Standard program and associated processes. I performed oversight functions for the administration and maintenance of multiple policy repositories containing sensitive data and redacted files for internal and external customer consumption. I partnered with teams across SRO to conduct policy lifecycle/change management program which enabled Compliance by design. I evaluated Policies and Standards and provided recommendations for updates to allow for more substantial alignment with Dell’s security posture. I engaged with various subject matter experts (SMEs) to develop new requirements within Policies and Standards as well as managed stakeholder engagement across Dell to socialize and obtain concurrence on the new Policy and Standard requirements. I assisted in the annual reviews of all SRO and Dell Digital Policies and Standards. Proficient in Archer GRC tool for Control statement and Documentation reference, modification, and maintenance.Major Duties and Responsibilities:Assisted Business Owners, Domain Managers, and SME’s with the development of P&S's. Walked new and updated documents through the Executive notification and approval process.Processed change requests ranging in severity from No-impact to High risk/impact to company operations.Redacted corporate documents for public dissemination.Retired outdated P&S documents.Developed Tracking matrix for active deliverables. Created and maintained status presentations for management and executives.Conducted scheduled attestation and ad-hoc updating to SRO P&S documents.Maintained multiple databases.Implemented standardization by documenting processes and requiring adherence to new guidance.Conducted QA on deliverables. Documented and disseminated status reports of recent document updates for stakeholder awareness.Trained new hire employees in the P&S Change Management process. Show less US Portfolio Lead responsible for the Training and Support of US based ASA personnel, maintained a high level of work quality, the continued successful execution of compliance work to meet our Companies Goals, and assisted our customer in meeting their rigorous compliance requirements. Policy and Process:Created a Series of Compliance SOP documentation to standardize processes used by Dell employees in completing compliance tasks. Organized and Lead effort in re-formatting and transferring extensive Data artifact files from one Archive to another to better secure and manage data. Participated in leadership meetings that Identified issues, developed solutions, oversaw implementation of mitigation of identified issues, and implemented corrective measures to avoid repeated scenarios. Managed Personnel :Communicated with management, assisted in the decision-making process by advising Sr. Management on the capabilities of our employees and the intricacy of their work. Participated in identification, creation and implementation of improved processes that would increase the efficiency and ability of the compliance ASA to accomplish more work for our customer. Maintained open dialogue with employees, hosted flow down meetings and conveyed Sr. Managements requests and expectations Assigned tasks and responsibilities to ASAs to balance team’s workload and enable maximum efficiency. Periodically reviewed ASA application assignments to minimize touchpoints, increase productivity, and improve overall quality. Assist ASAs to elevate and expedite past due, or soon to be past due assignments. QA:Conducted periodic peer reviews of IT Compliance Documents against standard criteria and checklists. Documented in ADO peer review findings to be addressed by ASA. Provided feedback to ASAs on peer review findings - highlighting items that do not meet standards for accuracy, completeness and/or timeliness. Show less

  • Advisor, Cybersecurity Consulting

    Oct 2022 - Feb 2024

  • IT Compliance Portfolio Leader

    Apr 2021 - Sept 2022
• 

  SAIC

  Apr 2024 - Dec 2024

  IT Systems Engineer and ISSO