Closed
Labels
profile-submission: Automated profile submission from the directory form
Description
---
name: "Nelson Rosario"
github: "nelsonrosario89"
specializations:
- "Audit & Assurance"
- "Cloud Security"
- "Compliance Automation"
- "Identity & Access Management"
- "Risk Management"
- "Security Governance"
location: "Los Angeles"
linkedin: "https://www.linkedin.com/in/nelson-rosario-16b99684/"
blog: "https://nelsonrosariogrcportfolio.com"
frameworks:
- "ISO 27001"
- "ISO 42001"
- "NIST 800-53"
- "PCI-DSS"
- "SOC 2"
languages:
- "Bash"
- "PowerShell"
- "Python"
certifications:
- "ISO/IEC 27001:2022 Lead Auditor"
- "ISO/IEC 42001:2023 Lead Auditor"
available_for:
- "hiring"
- "freelance"
- "collaboration"
projects:
- name: "Cloud Compliance Readiness Toolkit"
  url: "https://github.com/nelsonrosario89/cloud_compliance_readiness_toolkit"
  description: "A portfolio-ready FastAPI application that helps SaaS teams and GRC consultants plan and track SOC 2 / ISO 27001 / PCI DSS readiness."
- name: "CloudTrail Multi-Region Validation"
  url: "https://github.com/nelsonrosario89/first_one_nellz/tree/main/labs/lab1_cloudtrail_validation"
  description: "This lab implements a Python Lambda/script that validates every AWS region has at least one multi-region CloudTrail and writes a JSON evidence file to an S3 bucket."
- name: "Continuous Control Monitoring with Custom Security Hub Insights"
  url: "https://github.com/nelsonrosario89/first_one_nellz/tree/main/labs/lab6_continuous_monitoring"
  description: "Central dashboard orchestrating Config, Security Hub, and EventBridge rules for daily compliance evidence across accounts. Aggregates pass/fail data into an S3 compliance lake. Publishes executive-ready metrics to QuickSight. Extends automation suite toward ISO 42001 alignment."
- name: "Automated Role Review for ISO 27001 Access Control"
  url: "https://github.com/nelsonrosario89/first_one_nellz/tree/main/labs/lab7_iam_role_review"
  description: "This lab automates a recurring review of who can assume critical IAM roles across AWS accounts, using CloudTrail, Lambda, EventBridge, and S3 evidence reports. It supports ISO 27001 A.9.1.2 – Access to networks and network services by providing timestamped proof that only authorized principals can assume scoped roles."
- name: "Lambda-Powered Audit Pack Generator"
  url: "https://github.com/nelsonrosario89/first_one_nellz/tree/main/labs/lab8_audit_pack_generator"
  description: "This lab builds a monthly ZIP “audit pack” of ISO 27001 evidence artifacts by collecting key reports from an S3 evidence bucket and packaging them into a single compressed file. The ZIP includes a README_AUDIT_PACK.txt that maps each file to the relevant ISO 27001 control. This supports ISO 27001 A.18.2.1 – Independent Review of Information Security by making it easy for auditors and management to review a consistent, timestamped bundle of technical evidence."
---
## About Me
Some people know me for my athletic prowess throughout the years, but what I try my best to embody is being reliable and thorough. I credit this mindset mostly to my military parents and to my time on various teams throughout my athletic career. A major thing that stuck with me from my time in the NFL is that the best ability is availability. As a GRC Engineer, my goal is to bring that same availability, reliability and discipline to automating cloud compliance for SaaS companies preparing for SOC 2, ISO 27001 & 42001, and PCI DSS audits. I bridge the gap between security frameworks and technical implementation by building automation that collects evidence from AWS, maps it to specific controls, and tracks remediation all in one place.
I am open to GRC Engineering, Security Compliance, and Cloud Security roles where I can help organizations automate their compliance programs.
I am based out of Los Angeles. UCLA Bruin Alumni. Avid fan of sports, tech, and all things knowledge. I am a very curious person who knows a lot about seemingly random information. I love to help others understand things I may know from multiple perspectives. I can't help but pass on what I know or how I process things.
Most of all I love genuine connections and value real quality time with loved ones. I have stories for days for a wide range of topics.
Outside of the obvious work-related things, if you ever want to talk sports and experiences, feel free to hit me up and let's connect.
## Get in Touch
Feel free to reach out through any of the links here or on my 🔗 Portfolio: nelsonrosariogrcportfolio.com