Certified Information Systems Auditor

Nick Sotiroglou

Years of experience in Compliance, Product, and Technical Operations.

I help teams turn compliance requirements into practical controls, documentation, and working processes. My background includes audit readiness, evidence management, control support, product delivery, quality assurance, and software development.

Compliance Expertise

Audit-ready thinking

Hands-on experience supporting compliance programs across controls, evidence, documentation, remediation, and operational follow-through.

Compliance support

Supported compliance programs by helping turn requirements into practical controls, documentation, and repeatable operating processes.

Audit readiness

Worked across evidence collection, auditor support, remediation tracking, and day-to-day readiness for reviews and certifications.

Control operations

Helped teams maintain controls through ownership tracking, process follow-through, documentation cleanup, and operational support.

Framework exposure

Built for real audits

Exposure to the security, privacy, and operational frameworks that software teams actually work against.

SOC 2, ISO 27001, ISO 27701, ISO 9001, ISO 20000-1, ISO 22301, HIPAA, PCI-DSS, GDPR, CCPA/CPRA, FedRAMP, NIST CSF, NIST 800-53, NIST 800-171, CMMC, HITRUST CSF

Experience

My career

Kasbah Labs

Compliance Product Developer

Built and launched a consumer-facing compliance web application, owning the product from concept through release and ongoing improvement.

Jun 2025 – Present
  • Conceived, designed, and built a consumer-facing web application for managing compliance requirements, controls, and operational workflows.
  • Owned full-stack development end to end, including architecture, feature design, front-end and back-end implementation, deployment, and maintenance.
  • Translated regulatory and framework-based requirements into practical product features, including control tracking, evidence management, and policy-based workflows.
  • Implemented technical and operational controls to support secure data handling, accountability, documentation, and audit readiness.
  • Managed the full product lifecycle independently, driving strategy, execution, release, and continuous enhancement.

11:11 Systems

Compliance Specialist

Supported enterprise compliance programs across major regulatory and security frameworks, with a focus on audits, risk management, and operational controls.

Mar 2023 – Present
  • Managed and supported organizational compliance across frameworks including SOC 2, ISO 27001, HIPAA, and PCI-DSS.
  • Coordinated internal and external audits, including evidence collection, documentation management, and auditor communications.
  • Performed risk assessments, control testing, and continuous monitoring to evaluate compliance posture and drive remediation.
  • Partnered with security, IT, legal, and operations teams to implement compliant processes, policies, and controls.
  • Maintained compliance documentation and supported vendor and third-party risk management efforts.

ThreeFlow

Product Delivery Manager

Led cross-functional delivery and compliance initiatives, helping align product execution with security, audit, and regulatory requirements.

Dec 2021 – Feb 2023
  • Led cross-functional initiatives supporting compliance objectives, including coordination toward SOC 2 Type II certification.
  • Worked with engineering, security, and business stakeholders to translate compliance requirements into actionable deliverables.
  • Facilitated Agile delivery processes as Scrum Master while integrating compliance and security into development workflows.
  • Tracked compliance-related activities, risks, and control implementation to support audit readiness and ongoing assurance.
  • Reported project and compliance status to leadership, aligning timelines with regulatory expectations and risk priorities.

ThreeFlow

Project Management Operations Specialist

Improved support and delivery operations by building processes, coordinating feature rollouts, and assisting product teams with testing and adoption.

Jun 2021 – Dec 2021
  • Established and maintained product support processes, including SLAs, service desk configuration, knowledge-base materials, and user training.
  • Facilitated rollout of new features that improved customer experience and product efficiency based on CSAT and KPI metrics.
  • Supported development teams with user-acceptance testing as needed.

Ceterus

QA Engineer Team Lead

Led QA operations across manual and automated testing, helping improve release quality, team performance, and test coverage.

Dec 2019 – Jun 2021
  • Led QA efforts across a team of 4 in manual and automated testing, improving efficiency and quality through KPI-driven management.
  • Maintained the automated testing suite with the QA Automation Engineer, expanding coverage and creating new scripts from manual test plans.
  • Deployed code to non-production environments daily using Jenkins and CircleCI.

Ceterus

QA Engineer

Executed test planning and defect validation across multiple applications, with a focus on quality, reproducibility, and technical accuracy.

May 2019 – Dec 2019
  • Developed and executed comprehensive test plans to uncover defects across multiple applications and devices.
  • Documented defects in JIRA with detailed reproduction steps, screenshots, and videos, escalating issues based on impact.
  • Used SQL regularly to validate test results and recommend corrective actions to engineering teams.

Ceterus

Technical Support Specialist

Handled technical support operations, documentation, and data quality work while serving as a bridge between users and engineering.

Feb 2018 – May 2019
  • Responded to internal and customer support requests in Zendesk, ensuring issues were resolved within SLA targets.
  • Created documentation for Product Support and Customer Service teams, translating technical concepts into clear, usable guidance.
  • Conducted data cleanup and analysis to improve information accuracy.

Tools & Platforms

Tools and platforms I’ve used

Security, Identity, & Compliance

Identity, endpoint protection, code security, and compliance automation.

Okta, CrowdStrike, Snyk, SonarQube, Vanta, Drata, OneTrust

Cloud & Infrastructure

Hosting, networking, containerization, and infrastructure as code.

AWS, Azure, Google Cloud, Cloudflare, Docker, Kubernetes, Terraform, Render

DevOps & CI/CD

Build pipelines, automation, and deployment workflows.

Jenkins, GitHub Actions, GitLab CI, Argo CD, Helm, CircleCI, Azure DevOps

Source Control

Code hosting, version control, and collaboration.

GitHub, GitLab, Bitbucket

Data & Analytics

Event tracking, warehousing, BI dashboards, and reporting.

PostHog, Google Analytics, Segment, Snowflake, Tableau, Looker, Power BI, Databricks, MongoDB, Prometheus, Grafana, Datadog, Splunk, New Relic, Dynatrace

Project & Work Management

Task tracking, planning, and team coordination.

Jira, ClickUp, Asana, Trello, Workday, Figma, Miro

Knowledge & Documentation

Internal docs, wikis, and structured knowledge systems.

Confluence, Notion, Airtable, Glean

Communication & Collaboration

Messaging, email, and real-time team communication.

Slack, Google Workspace, Microsoft 365, Twilio

Support & IT Operations

Ticketing, service management, and internal support workflows.

ServiceNow, Zendesk, PagerDuty

CRM & Revenue Systems

Sales pipelines, customer data, and revenue intelligence.

Salesforce, HubSpot, Gong, Oracle, SAP, Stripe, Adobe Experience Cloud, Marketo, NetSuite

Approach

I work at the intersection of compliance and execution.

I’ve worked close to audits, controls, product teams, engineering, and delivery. That makes me useful in roles where requirements need to become real processes, real systems, and real follow-through.