Comprehensive compliance assessments, risk analysis, and audit readiness engagements following industry frameworks.
Enterprise-wide compliance evaluation against NIST SP 800-171 Rev 2 and CUI protection requirements. Complete gap analysis, policy development, and remediation planning across all 14 control families.
Complete security program built from scratch for a Series B fintech startup. 50+ artifacts across 6 phases: risk assessment, policy framework, BCP/DR with tested runbooks, security awareness, vendor risk management, and executive reporting.
Comprehensive IR program for a fintech payment processor (180 employees, $48M ARR). Policy framework, 4 structured playbooks, full tabletop exercise with 8 injects, communication plan, and post-incident review process. NIST SP 800-61 Rev 2 aligned.
End-to-end ITGC audit for a digital health platform (HIPAA-covered). 16 test procedures across 4 domains (User Access, Change Management, Backup & Recovery, Segregation of Duties) with risk-rated findings and corrective action plan. COBIT 2019 framework.
Governance maturity assessment for a healthcare technology company (1,200 employees, 3 acquisitions). 19 COBIT 2019 objectives assessed against 0-5 maturity scale. Findings mapped to COSO Internal Control principles. Prioritized recommendations for SOX readiness.
User access provisioning and role assignment audit in a self-hosted ERPNext environment for a logistics company. 200+ users analyzed across 6 departments. Segregation of duties conflict matrix identifying 12 incompatible combinations. Triggered by $250K fraud incident.