Audit Readiness & GRC Program Enablement

August 1, 2023 · 3 min read

Focus Areas: SOC 2 · PCI DSS · CCPA · ISO/IEC 27001

This program focused on transforming audit readiness from a reactive, audit-season effort into a continuous, well-governed program aligned with SOC 2, PCI DSS, CCPA, and ISO/IEC 27001 principles. I led cross-functional efforts to improve visibility into risk, standardize evidence management, automate governance workflows, and strengthen collaboration between business teams, technical teams, and auditors.

Experience

Established Executive-Level GRC Visibility

  • Designed and automated a Power BI GRC Executive Dashboard providing leadership with monthly visibility into key compliance and risk metrics
  • Tracked user access reviews, policy exceptions, audit artifacts, remediation activity, and vulnerability trends
  • Enabled continuous monitoring, management review, and risk-based decision-making

Strengthened Access Controls & Resiliency

  • Partnered with departments to complete and document User Access Reviews (UARs)
  • Developed and maintained Disaster Recovery documentation aligned with audit and availability requirements
  • Ensured access controls and recovery practices were clearly defined, owned, and consistently audit-ready

Operationalized Privacy & Regulatory Compliance (CCPA)

  • Supported privacy access removals and data rights requests using OneTrust
  • Ensured requests were processed within regulatory timelines and documented with appropriate approvals
  • Maintained defensible evidence aligned with SOC 2 Privacy and ISO data protection controls

Centralized Evidence Management & Audit Support

  • Gathered, validated, and archived audit artifacts from multiple business and technical teams
  • Maintained organized evidence repositories to support internal audits, SOC 2, PCI DSS, and regulatory assessments
  • Actively participated in QSA and auditor meetings, helping translate control intent, clarify scope, and resolve gaps efficiently

Supported Audit Findings & Timely Remediation (MAPS)

  • Assisted teams in reviewing and addressing audit (MAPS) findings
  • Partnered with control owners to identify root causes, define corrective actions, and track remediation efforts
  • Ensured findings were remediated within required timelines and supported with appropriate evidence to meet audit expectations

Implemented Policy Exception Governance

  • Created and facilitated a weekly policy exception review meeting with cross-functional stakeholders
  • Built a Power Automate workflow and dashboard to track exception approvals and notify owners of upcoming expirations
  • Documented risk acceptance decisions and communicated outcomes to leadership to maintain a clear audit trail

Enabled PCI DSS Compliance Through Training

  • Designed and delivered PCI DSS training for employees involved in payment processing and credit card handling
  • Reinforced secure handling practices, role-based responsibilities, and compliance expectations
  • Supported ongoing audit readiness and reduced compliance risk

Developed People & GRC Capability

  • Trained, mentored, and empowered early-career cybersecurity engineers
  • Helped teams understand how technical controls support SOC 2, PCI DSS, and ISO requirements
  • Strengthened long-term ownership and accountability for controls across the organization

Impact & Results

  • Improved continuous audit readiness across SOC 2, PCI DSS, privacy, and internal audit programs
  • Reduced audit friction by proactively addressing MAPS findings and control gaps
  • Increased leadership visibility into compliance health and remediation status
  • Strengthened collaboration between security, IT, legal, and business teams
  • Built scalable, repeatable governance processes that supported consistent audit outcomes

Authors

Guiselle Armstrong
GRC & Process Improvement Professional | Six Sigma Black Belt | Compliance & Risk Management Specialist
Governance, Risk, and Compliance (GRC) professional with over a decade of experience helping organizations navigate complex risk, compliance, and technology change.