Certified Information Systems Auditor

Compliance & Audit Specialist

CISA-certified compliance professional helping software and technology teams turn requirements into controls, evidence, and audit-ready operating practices.

Experience supporting SOC 2, ISO 27001, HIPAA, and PCI DSS compliance work across security, IT, legal, product, and operations teams. Background in QA, technical support, and product delivery, with a practical understanding of how technical teams document, test, and operationalize controls.

Portrait of Nick Sotiroglou

Core Strengths

Evidence-backed execution

Hands-on experience helping compliance programs run cleanly across audits, controls, risk, and operational execution.

Audit readiness

Preparing teams for external reviews by keeping audit requests, control evidence, and certification needs organized and actionable.

Control operations

Helping control owners translate framework requirements into operating practices, testing activity, and maintainable records.

Risk & remediation

Turning gaps, exceptions, and risk findings into clear ownership, next steps, timelines, and completion visibility.

Framework Experience

Real-world experience

Hands-on experience with core security and compliance frameworks, plus familiarity with adjacent privacy and risk frameworks commonly followed by software teams.

Hands-on experience

SOC 2, ISO 27001, HIPAA, PCI DSS

Familiar with

GDPR, CCPA/CPRA, NIST CSF

Selected Compliance Work

Key contributions

  • Coordinated and supported five external audits across two organizations involving SOC 2, ISO 27001, PCI DSS, and HIPAA-related compliance activities.
  • Helped maintain a 300+ control library across SOC 2, ISO 27001, and PCI DSS, linking framework requirements to owners, evidence expectations, and operating records.
  • Supported control testing and gap analysis across security and operational control areas.
  • Translated audit and compliance needs into clear workstreams for security, IT, legal, product, operations, and engineering teams.
  • Built an independent compliance automation product focused on controls, evidence, policies, ownership, and audit workflows.

Experience

My career

11:11 Systems

Compliance & Audit Specialist

Supported enterprise compliance operations across security and regulatory frameworks, with emphasis on external audits, OneTrust workflows, control operations, risk assessments, and control testing activity.

Mar 2023 – Present
  • Coordinated and facilitated three external audits across SOC 2, ISO 27001, and PCI DSS, managing auditor requests and control owner input across security, IT, legal, product, and operations.
  • Mapped and maintained 300+ controls across SOC 2, ISO 27001, and PCI DSS to framework requirements, evidence expectations, and control ownership.
  • Used OneTrust to organize control evidence, validate record completeness, and prepare auditor-facing materials.
  • Maintained records for 75+ controls across access management, change management, vendor risk, incident response, business continuity, data protection, and security operations.
  • Supported risk assessment and control testing activities by reviewing evidence, documenting gaps, and maintaining remediation ownership, target dates, and status.
  • Maintained visibility into 100+ audit, evidence, risk, and remediation items across recurring compliance cycles, including open requests, blockers, and completion status.

ThreeFlow

Product Delivery Manager

Led cross-functional delivery work connecting product execution, security requirements, Vanta-supported compliance activities, and external audit needs in a software environment.

Dec 2021 – Feb 2023
  • Coordinated and supported two external audits tied to SOC 2 Type II, HIPAA-related requirements, and security controls by translating compliance needs into engineering tasks and delivery plans.
  • Used Vanta-supported workflows to manage security requirements, evidence needs, implementation status, and ownership across product and engineering teams.
  • Broke down security and compliance requirements into Jira-tracked work items, acceptance criteria, dependencies, and implementation follow-ups for engineering and product teams.
  • Maintained visibility into compliance-related risks, dependencies, implementation status, and unresolved blockers for audit-sensitive work.
  • Facilitated Agile delivery processes while incorporating security, compliance, and audit-readiness considerations into development workflows.

ThreeFlow

Project Management Operations Specialist

Improved support and delivery operations by building processes, coordinating feature rollouts, and assisting product teams with testing and adoption.

Jun 2021 – Dec 2021
  • Built and maintained support operations processes, including SLA tracking, service desk configuration, knowledge-base documentation, internal training materials, and support handoff workflows.
  • Supported product rollouts by coordinating user training, documenting process changes, gathering feedback, and helping teams adopt new workflows.
  • Assisted product and development teams with user-acceptance testing by validating expected behavior, documenting issues, and confirming readiness before release.

Ceterus

QA Engineer Team Lead

Led QA operations across manual and automated testing, helping improve release quality, team performance, and test coverage.

Dec 2019 – Jun 2021
  • Led QA execution across manual and automated testing, coordinating a 4-person team and using KPI-driven tracking to improve test coverage, release quality, and issue follow-through.
  • Maintained automated test coverage with the QA Automation Engineer by converting manual test cases into repeatable scripts and expanding regression coverage.
  • Supported controlled release processes by deploying code to non-production environments using Jenkins and CircleCI and validating changes before production release.

Ceterus

QA Engineer

Executed test planning and defect validation across multiple applications, with a focus on quality, reproducibility, and technical accuracy.

May 2019 – Dec 2019
  • Created detailed test plans, documented defects with reproduction steps, screenshots, videos, severity notes, and expected results, and escalated issues based on business impact.
  • Used SQL to validate application data, investigate defects, confirm expected outcomes, and provide engineering teams with evidence-backed recommendations.
  • Executed cross-application testing across multiple devices and environments to verify expected behavior and identify release-blocking defects.

Ceterus

Technical Support Specialist

Handled technical support operations, documentation, and data quality work while serving as a bridge between users and engineering.

Feb 2018 – May 2019
  • Resolved internal and customer support requests in Zendesk while tracking SLAs, documenting issue status, and escalating technical problems to engineering when needed.
  • Created support documentation and internal guidance that translated technical workflows into clear instructions for Product Support and Customer Service teams.
  • Conducted data cleanup and analysis to improve record accuracy, reduce support friction, and support better operational reporting.

Projects

Compliance project work

Kasbah Labs

GRC Workflow Automation Platform

Designed and built an applied GRC workflow application for control ownership, evidence handling, policy workflows, remediation status, and audit preparation.

Jun 2025 – Apr 2026
  • Modeled practical GRC workflows for control records, evidence uploads, owner assignments, review status, policy acknowledgments, and remediation status.
  • Built structured workflows for control ownership, evidence review, documentation activity, and open compliance tasks.
  • Created audit preparation views that organized controls, evidence, owners, open requests, reviews, and remediation activity in one place.
  • Owned full-stack implementation, including application architecture, front-end and back-end development, deployment, and maintenance.

Education

Academic background

Western Governors University

Bachelor of Science, Information Technology

Salt Lake City, Utah

September 2019 – December 2021

Tools & Platforms

Tools I've worked with

Compliance & Audit Operations

Platforms used for control operations, audit workflows, and compliance program management.

Vanta, OneTrust

Security & Identity

Security and identity tools used in environments connected to control operations and audit evidence.

Okta, CrowdStrike, Snyk, SonarQube

Documentation & Workflow

Systems used for ticketing, knowledge management, workflow coordination, and operational records.

Jira, Confluence, ServiceNow, Zendesk, Notion

Reporting & Insights

Technical tools used to support analysis, testing, reporting, and software delivery context.

SQL, Power BI, Tableau, Splunk

Approach

I work at the intersection of compliance and execution.

I’ve worked close to audits, controls, product teams, engineering, and delivery. That makes me useful in roles where requirements need to become real processes, real systems, and real follow-through.