SOC 2 Compliance Program
Overview
End-to-end ownership of a two-phase SOC 2 compliance program: Type I (design effectiveness) followed by Type II (operating effectiveness over time). Scope included security policy creation, audit trail implementation, vendor risk assessment, and company-wide employee training. Coordinated across Engineering, Legal, and Operations from kickoff through both certifications.
Key Highlights
- Managed full SOC 2 Type I and Type II audit lifecycle
- Authored and implemented 20+ security and operational policies
- Established audit-ready evidence collection processes
- Coordinated external auditors throughout the full engagement
- Led cross-functional working group across Engineering, Legal, and Ops
- Achieved both certifications on schedule