Curriculum Vitae

James K. Bishop, IAM/IEM, CNSS 4011-4016

Email: jameskbishop@gmail.com
Website: https://jameskbishop.com | Blog: http://jameskay.online
X Profile: @James_K_Bishop

Professional Summary

Visionary cybersecurity and governance, risk, and compliance (GRC) leader with 30 years of experience driving secure, compliant IT solutions across fintech, healthcare, and technology sectors. Expertise in aligning technology with business objectives, implementing NIST, HIPAA, SOX, and GDPR-compliant frameworks, and fostering inclusive, high-performing teams. Proven track record of reducing risks, deploying enterprise systems, and securing multi-million-dollar contracts through strategic advisory. As Founder of Stage Four Security and Stage Four Institute, I advance cybersecurity innovation and education. My blog at http://jameskay.online showcases raconteur-style storytelling on politics and policy, reflecting conservative, federalist, and republican values, alongside my passions for music, Texas Rangers baseball, and Texas heritage. Certified in NSA IAM/IEM and CNSS 4011-4016, I am poised to lead transformative IT initiatives in dynamic environments.

Education

Master of Business Administration in Information Assurance
University of Dallas, Irving, TX

Bachelor of Arts in History
University of Texas at Arlington, Arlington, TX

Professional Certifications

  • NSA IAM/IEM: INFOSEC Assessment & Evaluation Methodology
  • CNSS 4011-4016:
    • NSTISSI-4011: Information Systems Security (INFOSEC) Professionals
    • CNSSI-4012: Senior Systems Managers
    • CNSSI-4013: System Administrators (SA)
    • CNSSI-4014: Information Systems Security Officers
    • NSTISSI-4015: Systems Certifiers
    • CNSSI-4016: Risk Analysts

Professional Experience

Lennar Corporation, Irving, TX
Lead / Cybersecurity Governance, Risk & Compliance (GRC)
2025–Present

  • Served as GRC Team Lead within Lennar’s Cyber Security organization, driving core components of the cybersecurity governance program, including policy development and review, risk management, and compliance alignment with SEC, GLBA, privacy laws, and ISO/NIST frameworks, ensuring enterprise-wide regulatory adherence and risk mitigation.
  • Authored and delivered Lennar’s enterprise Artificial Intelligence Management System (AIMS) Manual, aligning enterprise AI governance to ISO/IEC 42001, NIST AI RMF, and ISACA AAISM, encompassing lifecycle governance, risk and impact assessment models, AI incident response, TEVV (Testing, Evaluation, Verification & Validation), and secure development & deployment requirements, establishing one of the most substantial governance artifacts across Lennar’s security ecosystem.
  • Created the full AI policy suite, including AI Acceptable Use Policy, Common Criteria overview, and a structured Confluence sidebar with full child-page architecture, demonstrating leadership in documentation architecture, policy authoring, and cross-team enablement for enterprise adoption.
  • Led and supported cyber insurance renewal responses, contributing detailed policy-based interpretations for complex insurance supplemental applications (e.g., biometrics and tracking technologies), clarifying compliance posture, ensuring safe/legal representations, reducing risk of misstatements in insurer filings, and coordinating with GRC leadership and the CISO for the 2026 renewal cycle.
  • Coordinated policy modernization and review leadership with stakeholders, reviewing PwC-recommended updates to Lennar’s Information Management & Cybersecurity Policy, representing GRC and acting as a point of contact, including data governance updates, retention standards, policy benchmarking & gap analysis, and ensuring compliance deadlines were met.
  • Acted as a key player in internal audit, SOC 2, NIST, and penetration testing remediation discussions, actively involved in analysis and remediation planning for pen test findings (Kroll), IT control audit requirements, SOC 2 / NIST documentation gaps, and VDI and Citrix access control compliance, centering on evidence gathering, root-cause analysis, and coordinating policy and control adjustments.
  • Contributed to executive-level risk reporting through multiple Board-facing documents (e.g., Board Risk Overview – Dec 2025), listed as the creator/editor, directly informing executive risk decisions and demonstrating trust at the highest level with strategic impact.
  • Served as a key contributor to cross-functional security efforts, across collaboration threads with senior leadership, GRC team members, and Mortgage and Title security teams, fostering integrated security initiatives across Homebuilding, Mortgage, and Title divisions.
Stage Four Institute, Plano, TX
Founder & Executive Director
2025–Present
  • Established a leading cybersecurity education platform, developing GRC workshops that trained 100+ professionals in NIST and ISO 27001 frameworks.
  • Published thought leadership content at http://stagefour.org, blending cybersecurity insights with policy discussions, increasing industry visibility by 20%.
  • Fostered partnerships with academic institutions, promoting inclusive learning environments for diverse cybersecurity professionals.
Stage Four Security, Plano, TX
Founder & Advisory Partner
2019–Present
  • Developed NIST, ISO 27001, and SOC 2-compliant GRC frameworks, reducing compliance risks by 30% through automated controls and vendor risk assessments.
  • Architected AWS-based IT infrastructures with ZTNA, cutting costs by 20% and enhancing scalability for fintech and healthcare clients.
  • Led enterprise risk assessments, mitigating control gaps and improving security scores by 40% for client organizations.
  • Recruited and mentored multicultural teams, achieving a 90% retention rate and fostering an inclusive workplace culture.
JPMorganChase, Plano, TX
Vice President, Risk Assurance
2024
  • Provided strategic IT guidance to C-suite leaders, implementing Zero Trust IAM frameworks, mitigating 95% of vulnerabilities.
  • Led enterprise system upgrades using Jira and cloud platforms, reducing downtime by 15% and improving service delivery.
  • Presented risk and compliance reports to executives, achieving 100% stakeholder approval for remediation strategies.
  • Mentored 15+ IT managers, improving team performance metrics by 20% through targeted development programs.
CoreLogic, Dallas, TX
Principal, Corporate Information Security
2022–2023
  • Secured AWS infrastructure with IAM and network segregation, improving system performance by 20% and supporting fintech operations.
  • Implemented SIEM solutions, reducing incident response times by 50% with NIST-compliant threat detection processes.
  • Advised on infrastructure security strategies, enhancing system reliability by 15% and ensuring business continuity.
  • Supported RFP security responses, contributing to a 10% increase in client portfolio revenue.
Unisys, Dallas, TX
CISO Advisor, Consulting Senior Manager
2017–2018
  • Secured $5M+ in contracts by aligning cybersecurity solutions with client needs, collaborating with sales teams on strategic proposals.
  • Developed GDPR and SOX-compliant policies, ensuring audit readiness and reducing compliance risks by 25%.
  • Streamlined audit workflows using GRC tools, cutting preparation time by 25% and improving efficiency.
  • Led client workshops on phishing and threat awareness, enhancing workforce readiness and client trust.
Sirius Computer Solutions, Dallas, TX
Managing Security Consultant (2015–2017)
IT Consultant, Security Solutions SME (2013–2015)
Enterprise Security Architect (2011–2013)
  • Oversaw $10M+ IT infrastructure projects, delivering on-time solutions that improved operational efficiency by 25% and supported multi-million-dollar deals.
  • Conducted NIST and GDPR risk assessments, mitigating control gaps and improving security scores by 30%.
  • Served as an agile coach, enhancing project delivery timelines by 15% through streamlined processes.
  • Authored white papers, increasing brand visibility by 20% and positioning Sirius as a compliance leader.
University of Dallas, Irving, TX
Adjunct Professor of Technology Management
2014–2018
  • Developed and taught GRC courses, preparing 200+ students for industry roles with practical cybersecurity training.
  • Fostered an inclusive classroom environment, supporting diverse learners and achieving a 95% course satisfaction rate.
  • Integrated real-world case studies, enhancing student readiness for compliance and risk management careers.
CVS Caremark Corporation, TX
Senior Analyst, Information Security Regulatory Compliance (2010–2011)
Security Shared Services (2009–2010)
Security Monitoring and Policies (2007–2009)
  • Achieved PCI-DSS, SOX, and HIPAA compliance, leading SOC audits with zero major findings over three years.
  • Trained 200+ employees on security awareness, increasing compliance adherence by 35% and fostering a risk-aware culture.
  • Streamlined SOX control testing using GRC tools, improving audit accuracy and reducing preparation time by 20%.
  • Coordinated with auditors to resolve deficiencies, ensuring regulatory trust and client confidence.
NEC Unified Solutions, Irving, TX
Network Security Consultant
Jan 2006–Sep 2006
  • Implemented network security policies, reducing vulnerabilities by 25% through firewall and IDS/IPS configurations.
  • Conducted risk assessments, providing actionable recommendations to enhance system security.
  • Supported client engagements, delivering security solutions that improved operational resilience.
The Broadlane Group, Dallas, TX
IT Governance Consultant
Aug 2005–Nov 2005
  • Developed IT governance frameworks, aligning technology with healthcare client objectives and reducing risks by 20%.
  • Conducted compliance audits, ensuring adherence to HIPAA standards and supporting client trust.
  • Advised on IT strategy, improving system efficiency and stakeholder satisfaction.
Internet America, Dallas, TX
Security Analyst, Policy Enforcement
1998–2005
  • Enforced security policies, reducing unauthorized access incidents by 30% through robust monitoring systems.
  • Conducted vulnerability assessments, mitigating risks and improving network security.
  • Supported IT operations, ensuring reliable service delivery for thousands of users.
University of Texas at Arlington, Arlington, TX
Technical Director & Webmaster, Engineering Television
1994–1998
  • Managed IT systems for educational media, improving content delivery efficiency by 20%.
  • Developed web platforms, enhancing accessibility for students and faculty.
  • Led technical teams, fostering collaboration and achieving project milestones.

Publications & Thought Leadership

  • Blog: http://jameskay.online
    • Authored 50+ raconteur-style articles blending politics, policy, and personal passions from a conservative, federalist, and republican viewpoint, reaching 10,000+ readers annually.
    • Explored themes of limited government, states’ rights, and individual liberty, weaving in Texas-centric narratives, such as the state’s independent spirit and historical legacy, driving 20% engagement growth.
    • Shared stories celebrating my musicianship as a bassist and singer, performing in local Texas venues, and my deep-rooted fandom for the Texas Rangers, reflecting patriotic pride in America’s pastime.
    • Highlighted my fascination with all things Texas, from its cowboy heritage to its role in shaping national policy, connecting personal patriotism with broader conservative values.
  • White Papers & Workshops
    • Authored white papers at Sirius (2011–2017) and Stage Four Institute (2025–present), positioning organizations as compliance leaders and increasing brand visibility by 20%.
    • Led GRC workshops at Stage Four Institute, training professionals in ISO 27001 and NIST standards, enhancing industry knowledge.

Professional Affiliations & Activities

  • Stage Four Institute (2025–present): Founder, advancing cybersecurity education through workshops and publications.
  • X Platform (@James_K_Bishop): Share insights on cybersecurity and conservative policy, engaging 5,000+ followers with compliance-focused and patriotic content.
  • Industry Forums: Participated in cybersecurity conferences, presenting on GRC and risk management best practices.

Skills

  • Cybersecurity & GRC: NIST, ISO 27001, SOC 2, HIPAA, SOX, GDPR, PCI-DSS, Zero Trust, SIEM, ZTNA
  • Cloud & Infrastructure: AWS, Azure, IAM, network segregation, secure DevOps
  • Leadership: Team mentoring, agile coaching, inclusive workforce development
  • Project Management: Jira, agile methodologies, budget management ($10M+ projects)
  • Audit & Compliance: SOC audits, risk assessments, internal controls
  • Communication: Executive reporting, stakeholder engagement, non-technical presentations

Unified Bio Context

A devoted family man and strategic thinker, I blend a passion for baseball, music, and Texas history with a relentless drive to secure technology ecosystems. As a bassist and singer, I perform in local venues, celebrating Texas’s vibrant culture. A proud Texas Rangers fan, I embody patriotism and a deep fascination with the Lone Star State’s heritage. My career reflects a commitment to integrity, inclusion, and innovation, delivering solutions that protect sensitive data and empower organizations. With a conservative, federalist perspective, I advocate for principled policy through storytelling at http://jameskay.online, poised to lead transformative IT and cybersecurity initiatives.

Scroll to Top