Cloud GRC Engineer · ISO/IEC 27001 Lead Auditor

Nelson Rosario

I’m an aspiring Governance, Risk, and Compliance professional focused on AWS cloud security and automation. This portfolio captures how I blend hands-on engineering with audit discipline to deliver outcomes that go well beyond tenure alone.

I specialize in Python & console-driven evidence automation that keeps AWS environments compliant—automating audits, driving remediation, and translating dense security requirements into production-ready solutions.

As an ISO 27001 Lead Auditor, I am continuing to expand a suite of nine AWS security automation labs, each proving how rigorous governance and modern cloud tooling can move at engineering speed.

Los Angeles, CA · Remote Ready · 128+ professional connections

Skills & Tooling

Continuous compliance, security automation, and AWS evidence pipelines.

Cloud Platforms

  • AWS multi-account governance
  • Evidence automation & guardrails

Security & Compliance

  • ISO/IEC 27001:2022
  • SOC 2 Trust Services Criteria
  • NIST 800-53 · CIS AWS Foundations
  • Risk assessment & audit readiness

Tools & Automation

  • AWS CloudFormation & CDK
  • GitHub Actions OIDC federation
  • AWS Lambda · Config · Security Hub
  • CloudWatch · GuardDuty · boto3 · pandas
  • cfn-guard · Slack workflow automation

Programming & Frameworks

  • Python · Bash · YAML/JSON policy-as-code
  • ISO 27001 Annex A controls
  • NIST RMF · CIS Critical Controls
  • Audit evidence automation & reporting

Highlighted Projects

Evidence automation labs transforming manual audits into daily control verification.

AWS Compliance Labs Automation Suite

Ongoing

Series of GitHub Actions + AWS Lambda labs that schedule daily ISO 27001 evidence collection for CloudTrail, EC2, S3, and IAM controls.

  • Automated evidence generation across all AWS regions with zero manual steps.
  • Least-privilege GitHub-to-AWS federation with scoped IAM trust policies.
  • Evidence versioned to S3 for auditor-ready retrieval.

CloudTrail Multi-Region Validation (Lab 1)

Lambda-powered audit that ensures CloudTrail log coverage in every AWS region and writes JSON evidence to S3.

  • Maps directly to ISO 27001 A.12.4.1 (event logging).
  • Detects missing trails across commercial regions within minutes.
  • Scheduled via GitHub Actions for daily attestation.

EC2 Asset Inventory & Scope Tagging (Lab 2)

Cross-region inventory script that classifies EC2 assets by scope and exports CSV evidence for ISO 27001 A.8.1.1.

  • Applies tagging logic to separate in-scope workloads automatically.
  • Daily CSV uploads to S3 with immutable versioning.
  • Hardened IAM trust policy restricting assume-role access to CI pipelines.

IAM Access Review Automation

CLI tool that inspects IAM users and roles, flags wildcard permissions, and exports sign-off-ready CSVs.

  • Reduced high-risk IAM findings by 72% following remediation cycles.
  • Highlights missing MFA and excessive privileges for rapid action.
  • Delivers auditable evidence packages to control owners.

S3 Public-Access Detector (Planned · Lab 3)

In Design

Upcoming Lambda + Security Hub integration that scans S3 buckets hourly and raises findings for public ACLs or bucket policies.

  • Creates Security Hub custom findings with High severity.
  • Closes the loop on data exposure guardrails.
  • Extends the automation suite toward continuous monitoring.

Certifications & Learning

Blending formal audit practice with hands-on security engineering.

Completed

  • ISO/IEC 27001:2022 Lead Auditor – Mastermind (2025)
  • Navigate SOC 2 Compliance in the Cloud – LinkedIn Learning (2025)
  • Advanced SOC 2 Auditing: Security, Availability & Confidentiality – LinkedIn Learning (2025)
  • SOC 2 Compliance Essential Training – LinkedIn Learning (2025)

In Progress

  • AWS Certified Solutions Architect – Associate (2025 target)
  • ISO/IEC 42001:2023 Lead Auditor Certification Course – Mastermind

Experience Snapshot

Operational rigor from aerospace supply chains, sharpened by professional sports discipline.

Skyworks Solutions, Inc.

Engineering Services Coordinator · Feb 2021 – Present

  • Own daily kit pulls, PCB procurement, and BOM accuracy for high-volume production.
  • Lead Agile & SAP data hygiene, kit audits, and vendor negotiations to unblock delivery.
  • Brief executives bi-weekly on progress and spend, aligning cost centers on priorities.

V2X (Vertex Aerospace LLC)

Material Coordinator · Jul 2018 – Oct 2020

  • Managed import/export logistics for government aircraft programs with contract compliance.
  • Administered SAP EWM/P11 transactions and trained new hires as a certified forklift instructor.

UPS

Unloader / Package Handler · Mar 2017 – Jun 2018

  • Processed high-volume freight while enforcing safety and precision under tight SLAs.

Carolina Panthers

Professional Athlete · Jun 2012 – Aug 2013

  • Translated elite teamwork, resilience, and discipline from the NFL into operational leadership.

Evidence Automation in Action

Continuous monitoring beats the annual audit scramble every time.

Daily CloudTrail Assurance

JSON attestations land in S3 every morning with region coverage, exceptions, and remediation notes.

EC2 Asset Intelligence

CSV inventories highlight in-scope workloads, cost center tags, and orphaned resources ready for action.

IAM Risk Sweeps

Automated reviews flag wildcard permissions and missing MFA so remediation starts within hours.

Education

University of California, Los Angeles

Bachelor of Arts · 2008 – 2012

El Camino High School

Diploma · 2004 – 2008