Security Governance

Policy architecture, compliance programs, and board-level reporting across established frameworks like NIST CSF, SOC2, HIPAA, CMMC, and ISO 27001. That foundation extends into AI-specific governance including ISO/IEC 42001, ISO/IEC 23894, the NIST AI Risk Management Framework, and EU AI Act compliance. Most governance practitioners handle one side or the other. I work across both because the regulatory landscape no longer lets you separate them.