Security GRC & Compliance
Professionals in this role design and scale compliance programs that let AI companies operate securely across multiple regulatory frameworks: SOC 2, ISO 27001, FedRAMP, and emerging AI governance standards. Day to day, they conduct risk assessments, build automation that embeds compliance into engineering workflows, respond to customer security questionnaires, and manage audit readiness across cloud infrastructure and AI-specific controls. What distinguishes this work is the technical depth required: rather than purely policy-focused compliance, these roles demand hands-on experience implementing controls, scripting automation, and translating complex regulatory requirements into practical safeguards that do not slow product velocity. They typically sit within security organizations reporting to CISOs or governance leaders, partnering closely with engineering, product, and sales teams to balance compliance rigor with business growth in fast-moving AI environments.
Skills
What companies are looking for in this role.
Conducting internal audits and security assessments against compliance frameworks such as ISO 27001, SOC 2, and industry-specific standards
Developing and maintaining security policies, procedures, and documentation aligned with compliance requirements
Managing risk assessment processes including identification, scoping, scoring, and residual risk calculation
Maintaining and operationalizing risk registers as dynamic governance tools that drive accountability
Designing and implementing security controls that meet regulatory and compliance requirements
Collecting, organizing, and preparing audit evidence across multiple compliance frameworks
Conducting vendor security assessments and managing third-party risk through security questionnaires and evaluations
Translating complex regulatory requirements into practical, scalable control implementations
Managing audit readiness activities including artifact preparation, timeline tracking, and action item management
Supporting user access reviews and identity governance across systems and applications
Building and managing compliance programs across multiple frameworks and regulatory requirements
Responding to customer security questionnaires and supporting due diligence requests
Evaluating technical implementations such as branch protection, CI/CD pipelines, and cloud architecture for compliance
Automating compliance monitoring and reporting through compliance-as-code tooling and integration
Building lightweight scripts and tools for evidence collection, control tracking, and audit reporting
Supporting AI governance and responsible AI compliance efforts including ISO 42001 and EU AI Act requirements
Implementing continuous monitoring and validation approaches for control effectiveness
Establishing supply chain risk management programs and third-party security controls
Leveraging AI tools to streamline GRC activities including evidence summarization and process documentation
Designing vulnerability management programs with risk-based prioritization and remediation tracking
Collaborating across engineering, product, security, and legal teams to align technical and compliance requirements
Communicating technical security concepts and compliance requirements to diverse audiences including executives and non-technical stakeholders
Building and maintaining trusted relationships with internal stakeholders, auditors, and external certification bodies
Acting as a liaison and subject matter expert during compliance audits and regulatory assessments
Driving cross-functional projects and managing timelines for compliance initiatives and remediation efforts
Translating business context and technical reality into clear audit narratives and compliance documentation
Advising senior leadership and security teams on strategic risks and geopolitical developments affecting security posture
Monitoring external policy shifts, regulatory changes, and ecosystem developments relevant to organizational security
Creating and delivering executive briefings and strategic analysis on cyber, geopolitical, and regulatory trends
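The skills above about evaluating technical implementations such as branch protection, compliance-as-code monitoring, and lightweight evidence-collection scripts can be illustrated with one worked example. The following is an added example, not code from this page or from any listed employer: it evaluates a repository's branch protection settings against a small set of change-management control requirements and emits a traceable evidence record. The input shape (`required_pull_request_reviews`, `required_status_checks`, `enforce_admins`, `allow_force_pushes`, `required_signatures`) follows the GitHub REST branch-protection response as an assumption; the control IDs `CM-01`..`CM-06`, the status check name `ci/test`, and both sample payloads are constructed for the example.

```python
"""Compliance-as-code check for repository branch protection (added example).

Evaluates a branch protection configuration shaped like the GitHub REST
`GET /repos/{owner}/{repo}/branches/{branch}/protection` response (an assumed
shape; the sample payloads below are constructed, not captured) against
change-management controls and produces an evidence record with a hash of
the source configuration so an auditor can tie the finding to its input.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone

# Hypothetical control parameters; map CM-xx IDs to your own framework
# (e.g. SOC 2 CC8.1 change management, ISO 27001 A.8.32) as needed.
REQUIRED_APPROVALS = 1
REQUIRED_CHECKS = {"ci/test"}  # assumed status-check context name


@dataclass
class Finding:
    control_id: str
    passed: bool
    detail: str


def evaluate_branch_protection(protection: dict) -> list[Finding]:
    """Return one Finding per control for an API-shaped protection dict."""
    reviews = protection.get("required_pull_request_reviews") or {}
    checks = protection.get("required_status_checks") or {}
    approvals = reviews.get("required_approving_review_count", 0)
    contexts = set(checks.get("contexts") or [])
    return [
        Finding("CM-01", approvals >= REQUIRED_APPROVALS,
                f"approving reviews required: {approvals}"),
        Finding("CM-02", bool(reviews.get("dismiss_stale_reviews")),
                "stale approvals dismissed when new commits are pushed"),
        Finding("CM-03", REQUIRED_CHECKS <= contexts,
                f"required status checks: {sorted(contexts)}"),
        Finding("CM-04", bool((protection.get("enforce_admins") or {}).get("enabled")),
                "protection rules also apply to administrators"),
        Finding("CM-05", not (protection.get("allow_force_pushes") or {}).get("enabled", False),
                "force pushes to the protected branch are disallowed"),
        Finding("CM-06", bool((protection.get("required_signatures") or {}).get("enabled")),
                "signed commits are required"),
    ]


def evidence_record(repo: str, branch: str, protection: dict) -> dict:
    """Build an audit evidence record: findings plus a hash of the raw input."""
    canonical = json.dumps(protection, sort_keys=True, separators=(",", ":")).encode()
    findings = evaluate_branch_protection(protection)
    return {
        "repo": repo,
        "branch": branch,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "source_sha256": hashlib.sha256(canonical).hexdigest(),
        "findings": [asdict(f) for f in findings],
        "compliant": all(f.passed for f in findings),
    }


# Constructed sample payloads (not real repository data).
COMPLIANT_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 2,
                                      "dismiss_stale_reviews": True},
    "required_status_checks": {"strict": True, "contexts": ["ci/test", "ci/lint"]},
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
    "required_signatures": {"enabled": True},
}

WEAK_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 0,
                                      "dismiss_stale_reviews": True},
    "required_status_checks": {"strict": False, "contexts": ["ci/test"]},
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": True},
    "required_signatures": {"enabled": True},
}


def failed_controls(record: dict) -> set[str]:
    """Control IDs that did not pass in an evidence record."""
    return {f["control_id"] for f in record["findings"] if not f["passed"]}


if __name__ == "__main__":
    for name, payload in (("compliant", COMPLIANT_PROTECTION), ("weak", WEAK_PROTECTION)):
        rec = evidence_record("example-org/example-app", "main", payload)
        print(name, "compliant" if rec["compliant"] else f"FAILED {sorted(failed_controls(rec))}")
```

In practice the `protection` dict would come from the API response for each production repository on a schedule, and the records would be written to the evidence store for the audit period; hashing the canonical input is what lets an auditor verify that the finding matches the configuration that was actually in place at collection time.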
Technology
The tools and technologies that define this role.
Open Jobs
29 open Security GRC & Compliance jobs across 22 companies.
Other Security roles
Identifies and mitigates security vulnerabilities in applications and products.
Secures cloud infrastructure, networks, and systems.
Generalist security engineering role spanning multiple security domains. For security engineers who work across application, infrastructure, and cloud security without a single dominant specialization. The default home for "Security Engineer" titles when the function is clearly Security.
Builds detection systems, investigates security incidents, and leads incident response efforts.
Conducts offensive security assessments including red teaming, penetration testing, and adversarial simulation.