Policy & Standards Framework

Overview

Authored and implemented enterprise-wide security policies and standards covering cryptography, data classification, data loss prevention, vulnerability management, and secure software development. Partnered with legal, compliance, and engineering stakeholders to ensure policies were actionable, aligned with regulatory requirements, and embedded into daily operations. Delivered training and enablement programs to drive adoption.

Role

Director, acting as lead author, with deployment executed by my extended team.

Impact

Standardized security practices across business units, improved compliance readiness (SOC 2, ISO 27001), and reduced policy exceptions by creating clear, enforceable guidance. Established a sustainable governance foundation that supported scaling security maturity and passing external audits.

Technologies, Frameworks, and Artifacts

  • ISO 27001
  • SOC 2
  • NIST CSF
  • CIS Controls
  • Cloud Security Alliance
  • Enterprise policy management platforms