FIS Flashcards

(8 cards)

1
Q
SOC Audit
A

Situation: At Zenith, our team was preparing for a SOC 2 readiness assessment.
Task: I was responsible for conducting vulnerability assessments and ensuring evidence aligned with SOC 2 and SSAE requirements.
Action: Using Splunk SIEM, Nmap, and IDS/IPS, I identified vulnerabilities, documented remediation steps, and mapped evidence to SOC 2 control objectives.
Result: The SOC 2 audit passed with no major findings, and our documentation was praised for clarity and completeness.

2
Q

IT General Computing Controls (ITGCC)

A

Situation: During my role as a Network Support Specialist, auditors required proof of IT general controls compliance.
Task: Ensure operational procedures aligned with ITGCC standards.
Action: I standardized firewall/VPN configuration procedures, documented LAN/WAN monitoring steps, and maintained audit‑ready evidence in Google Sheets.
Result: The ITGCC review confirmed compliance, and our team reduced repeat audit requests by 30%.

3
Q

SSAE Reporting

A

Situation: A compromised account triggered an incident response that required SSAE evidence.
Task: Document incident response actions for SSAE reporting.
Action: I investigated the account using Splunk SIEM and Cisco firewall logs, executed containment, and documented every step in the incident log for SSAE attestation.
Result: The SSAE report validated our control design and effectiveness, strengthening our audit posture and executive confidence.

4
Q

Project Management

A

Situation: After a major incident, multiple teams needed coordinated remediation before the next audit cycle.
Task: Lead the after‑action review and ensure remediation aligned with compliance deadlines.
Action: I facilitated cross‑functional meetings, documented lessons learned, and tracked remediation tasks in Asana.
Result: Remediation was completed ahead of the audit deadline, and incident recurrence dropped significantly.

5
Q

Audit Management

A

Situation: During integration events, leadership required audit‑ready reports on outages and incidents.
Task: Prepare compliance documentation end‑to‑end.
Action: I compiled network performance data from Wireshark and Splunk, documented outages, and aligned reports with audit requirements.
Result: Reports were delivered on time, enabling smooth audit reviews and reinforcing compliance readiness.

6
Q

Cross‑Functional Relationship Development

A

Situation: Security incidents often required both technical and business input.
Task: Provide situational updates that aligned risk findings with business objectives.
Action: I translated technical alerts from SIEM and IDS/IPS into business‑impact language for executives, while coordinating with IT teams on remediation.
Result: Stakeholders understood the risk clearly, trusted the process, and supported prioritization of fixes.

7
Q

Stakeholder Management

A

Situation: During a high‑priority incident, IT wanted immediate containment while compliance needed documentation.
Task: Balance competing stakeholder needs.
Action: I escalated the issue, delivered real‑time updates to executives, and influenced remediation priorities by aligning them with audit deadlines.
Result: Both containment and documentation were achieved, building trust with leadership and reinforcing my credibility as a bridge between teams.

8
Q

Certifications (Credibility Anchor)

A

Situation: FIS values candidates with industry certifications to validate expertise.
Task: Demonstrate technical depth and governance knowledge.
Action: I earned CompTIA Security+, Network+, AWS Cloud Practitioner, ISO/IEC 27001 Lead Auditor & Implementer, and ISC2 Certified Cybersecurity.
Result: These certifications show I can operate across technical, compliance, and governance domains — exactly what’s needed for SOC audits, SSAE reporting, and ITGCC alignment.
