Cloud Security Posture & Compliance Automation
Achieved 87% fewer security incidents and continuous SOC2/ISO compliance — reducing audit prep from 40 hours to 2 hours.
Key metrics: 87% fewer security incidents · 2h audit prep (was 40 hours) · $1.2M+ in compliance fines prevented · 5× faster cloud deployments
Role: Lead Technical Business Analyst — Cloud & Compliance
Timeline: Q2–Q3 2023 · 5 months
Delivery context
The Problem
Manual cloud security audits ran twice a year, took 40+ hours each, and still missed misconfigurations discovered months later. Regulators increasingly required continuous compliance evidence — not point-in-time snapshots — and the organisation had no process to provide it.
My Contribution
I led stakeholder engagement across security, engineering, and compliance teams to define the policy requirements and compliance evidence specifications for this continuous monitoring programme. I documented the control mapping from regulatory frameworks (SOC2, ISO 27001) to technical implementation requirements, authored the BRD for the continuous monitoring platform, and designed the automated evidence collection specifications. I also applied ITSM best practices — incident, change, and problem management — throughout the programme and ran change management workshops to help engineering teams understand the policy-as-code governance model and take ownership of their security posture.
The Solution
Requirements-led compliance programme: regulatory control-to-technical mapping, continuous monitoring BRD, automated evidence collection specifications, ITSM-aligned governance model, and change management programme for engineering adoption.
Results
- 87% reduction in security incidents
- Continuous SOC2 and ISO 27001 compliance
- Audit prep: 40 hours → 2 hours
- $1.2M+ in compliance fines prevented
- 5× faster cloud deployments
Shifting compliance into the engineering workflow required a cultural change as much as a technical one. The change management programme — helping engineering teams see security policy as their quality gate, not the compliance team's audit — was what drove adoption. Technical automation without that framing would have been worked around.