Sean McClanahan

Roles available for:
-
Fractional
-
Consulting
-
Contract
- Interim
-
Dana, Iowa, United States
-
https://www.shieldedsignals.net
-
Country experience:
-
United States of America
Northern America
-
-
Languages:
-
English (US)
English (US)Level: Native
-
English (US)
Achievements

-
Expertise
Compliance Program Management, SOC 2, SOC 1, Audit Management, NIST 800-53, PCI DSS, TISAX, FedRAMP Readiness, Secure Controls Framework (SCF), Information Security Governance, Risk Management, Policy Development, vCISO, vCCO, Virtual Compliance Officer -
Services
Fractional vCCO and compliance program leadership. SOC 2, NIST 800-53, PCI, and TISAX readiness. Audit management. Policy, standard, and SOP architecture. Risk translation for leadership. Communications continuity and secure-comms advisory.
-
Employees overseen
350 employees
-
Budget overseen
$ 2,000,000
Roles available for:
-
Fractional
-
Consulting
-
Contract
- Interim
-
Dana, Iowa, United States
-
https://www.shieldedsignals.net
-
Country experience:
-
United States of America
Northern America
-
-
Languages:
-
English (US)
English (US)Level: Native
-
English (US)
Achievements
Why hire me in a fractional role
Experience
Strengths in this role: Building compliance programs from the ground up in resource-constrained environments. Translating technical security risk into clear business and policy language, not vulnerability lists. Making order from chaos, then handing off a program that runs without me. Comfortable being the only compliance voice in the room and making the case for it. Calibrating my involvement to what each engagement actually needs.
Industry Group: High Tech
Industry: Computer & Network Security
Years of experience: 12 years
Company name: SumTotal Systems / Cornerstone OnDemand
Company size: 750 employees
Role in this company: Built and owned the compliance program for a SaaS/eLearning HR platform. Ran SOC 1 and SOC 2 audits annually, managed a multi-year NIST 800-53 program and FedRAMP readiness effort, maintained PCI compliance, and stood up TISAX to support a major automotive OEM relationship. Established the standards layer that made controls measurable across all of it, then carried the program through the company's acquisition by Cornerstone OnDemand.
Strengths in this role: Building and owning compliance programs as the sole practitioner in resource-constrained environments. Establishing the standards layer most programs skip, so controls are measurable rather than aspirational. Translating technical risk into business language, not vulnerability lists. Holding the line that compliance is more than box-checking, even when it would be easier not to. Calibrating involvement to what the engagement needs.
Industry Group: High Tech
Industry: Computer & Network Security
Years of experience: 12 years
Company name: Exol
Company size: 100 employees
Role in this company: Sole owner of the compliance program for a tech-enabled logistics platform. Built the policy, standard, and SOP architecture from the ground up, lead SOC 2 readiness, and manage the Secure Controls Framework implementation that maps controls to measurable standards. Translate technical security risk into business-level decisions for leadership rather than treating compliance as a box to check.
-
Degrees & accreditations
CompTIA Security+
-
Membership & affiliations
Wing Commander - Iowa Wing, Civil Air Patrol
-
Success story
I took command of a Civil Air Patrol wing that was in need of help. I rebuilt it from the ground up: fixed the broken processes, put the right people in the right roles, and established the structure it had been missing. Today it runs essentially on its own. I turn a few knobs when needed, but the engine I built keeps running with minimal intervention from me. That is exactly how I approach a compliance program. Build order from chaos, then hand off something that sustains itself.