Compliance & Regulatory
Hands-on experience working with auditors and compliance tools across heavily regulated industries -- supporting SOC 2, HIPAA, and government frameworks from gap assessment through certification.
Frameworks
Experience supporting compliance programs across major regulatory frameworks in healthcare, government, and financial services.
Supported SOC 2 programs spanning the Trust Service Criteria -- working directly with auditors and implementing the controls and evidence needed for certification.
Supported HIPAA compliance across healthcare organizations -- working with auditors and tools covering the Privacy Rule, Security Rule, and Breach Notification requirements.
Experience working within FINRA-regulated environments -- supporting the compliance controls, recordkeeping requirements, and audit processes that financial services firms must maintain.
Capabilities
Practical, hands-on experience supporting compliance programs -- working alongside auditors, implementing controls, and managing the evidence and processes that make audits go smoothly.
Process
The structured approach I use to support organizations from compliance uncertainty through successful audit certification.
Define the compliance scope, identify applicable controls, and conduct a detailed gap analysis to understand the current state versus requirements.
Build a prioritized remediation roadmap with owners, timelines, and resource requirements -- balancing risk reduction with operational realities.
Design and implement technical and administrative controls, develop required policies and procedures, and train staff on their compliance obligations.
Conduct internal readiness reviews, collect and organize evidence, and walk through audit scenarios to identify and resolve any remaining gaps.
Coordinate directly with auditors, provide evidence, respond to findings, and guide the organization through to successful certification.
Establish continuous monitoring, evidence collection, and annual review cycles to maintain compliance and prepare for recertification.
Sectors
Compliance program experience across three highly regulated sectors, each with distinct regulatory requirements and risk environments.
HIPAA Privacy and Security Rule compliance, PHI protection, EHR security controls, and healthcare-specific audit support.
SOC 2 Type II certification, financial data protection controls, and compliance with financial sector security standards and customer audit requirements.
Hands-on experience in FINRA-regulated environments -- supporting compliance controls, recordkeeping obligations, and regulatory examination readiness.