Profile
Security & Compliance Program Manager
Security and compliance program leader with 10+ years of experience building operational systems across Product, Engineering, Legal, and IT organizations. Experienced in designing scalable compliance programs, automating operational workflows, and translating regulatory requirements into engineering processes. Led SOC 2 programs across multi-product environments and implemented enterprise controls supporting IPO readiness. Known for transforming ambiguous operational gaps into automated systems that scale with product growth.
Core Competencies
- Security and Compliance Programs: SOC 2 Type I and II, ISO 27001/ISO 27017/ISO 27018, GDPR/CCPA Privacy Programs, Internal Controls and Audit Readiness, Vendor Risk Management.
- Programs and Operations Leadership: Technical Program Management, Cross-functional Program Design and Delivery, Process Improvement, Process Automation, Workflow Automation, Operational Scaling, KPI/Operational Reporting, Change Management.
- Security and Access Governance: RBAC, Access Lifecycle Management, Endpoint Security Programs, Change Management Controls, Business Continuity Planning.
- Tools: Jira, GitLab, Trello, Power Automate, Zapier, Confluence, LucidChart, Okta, Drata, OneTrust, Notion.
Key Automation & Operational Wins
- IPO Readiness & Access Controls (GitLab): Built and managed the IT compliance standards and RBAC frameworks that served as a foundational component for a successful IPO.
- End-to-End Onboarding Automation (GitLab): Re-engineered a manual, template-heavy process into a dynamic, automated workflow by syncing BambooHR with GitLab in partnership with Engineering.
- Audit Consolidation & Scaling (Current): Managed a complex landscape for 9+ SaaS products and consolidated 5 independent SOC 2 reports into a single unified report within one year, significantly reducing audit overhead.
- Privacy Response Automation (Current): Developed a Power Automate workflow that monitors privacy request emails and triggers real-time Teams notifications, enabling faster GDPR and CCPA response coordination.
Experience
Compliance & Risk | Independent Security & Compliance Consultant | April 2022 – Present
- Lead cross-functional SOC 2 and security programs spanning Legal, Product, and Engineering teams, translating regulatory requirements into operational processes and automated workflows.
- Partner with executive leadership to translate regulatory obligations and risk requirements into engineering-driven operational controls and program roadmaps.
- Oversee Change Management programs and conduct risk-based assessments to develop mitigation plans.
- Designed a Common Control Framework and leveraged an internal Gemini-based AI tool to identify overlapping controls, helping reduce duplicate work and improve consistency across requirements.
- Key areas of service: SOC 2 Program, Internal Audit, Policy Management, Sales Compliance Support, Risk Management, and Vendor Management.