Successfully led the implementation of SOC 2 and ISO/IEC 27001 compliance for a previous employer.
This project documents a successful enterprise compliance implementation where I led the effort to achieve SOC 2 and ISO/IEC 27001 certification readiness for a previous employer. The engagement covered the full lifecycle of compliance: scoping, policy and procedure development, technical control implementation, third-party assessments, and audit preparation.
Key Contributions
- Led cross-functional teams including security, engineering, legal, and operations to define scope and objectives.
- Developed and formalized security policies and procedures aligned with ISO/IEC 27001 Annex A controls and SOC 2 Trust Services Criteria.
- Implemented technical controls: centralized logging, SIEM integration, access controls, encryption at rest and in transit, and secure CI/CD pipelines.
- Managed vendor risk assessments and remediation for critical third-party services.
- Coordinated internal readiness assessments and worked with external auditors to close findings and achieve certification readiness.
Technologies & Tools
- Go, Bash scripting
- Docker, Kubernetes, Terraform
- AWS, GCP, Azure
- SIEM tools, vulnerability and application security scanners (SAST/DAST), and cloud security posture management (CSPM) tools
Outcome
- Achieved audit readiness with documented policies, implemented controls, and evidence packages prepared for external assessors.
- Improved security posture, incident response capability, and vendor risk management processes.
This project reflects a strategic, hands-on approach to enterprise security and compliance.