My work traces governance through system reality and evidence.
This means tracing governance through systems, controls, implementation, and user reality, with evidence where it counts.
Working premise
Governance and engineering are no longer separate worlds.
My working premise is simple: governance is no longer a reporting layer added at the end. It must be traceable through systems, code, controls, decisions, and evidence.
10+
Years across audit, risk, product, and delivery
NL
Current market focus
GRC
Methodological foundation
CRA
Flagship proof-of-work lens
Thesis
Governance is moving closer to systems, pipelines, and evidence.
My foundation is in GRC audit. The work now is applying that method to modern products, controls, and evidence without losing the business lens.
My background in GRC audit gave me a method: define the scope, test the claim, examine the evidence, and make accountability visible. The technical work is an extension of that method, not a break from it.
As governance moves closer to systems, pipelines, and evidence, audit methodology has to hold up inside technical environments as well.
How I work
Three connected lenses guide how I evaluate systems.
This is the working sequence: trace governance into systems, controls, and implementation, then test whether the evidence holds up.
Governance
I work on accountability, traceability, control design, and how regulatory expectations become operational.
System reality
I am moving closer to systems, implementation, and technical controls rather than staying only at the policy layer.
Evidence
I care about proof of work that makes the logic visible through investigations, artifacts, and structured communication.
Flagship work
CRA Labs is my flagship proof-of-work project.
CRA Labs is where I apply audit methodology to cloud-native compliance questions through real investigations, technical review, and evidence.
It is not a generic content project. It is a working body of proof that tests how governance claims map to system reality.
The structure is simple: 12 requirements, 6 pillars, 30 investigations, and GitHub-visible evidence.
The CRA Labs website is still being refined. For now, the GitHub repo is the best place to follow the work as it develops.
Open to
Roles, conversations, and collaboration.
Currently building proof-of-work full-time through CRA Labs. I'm open to roles across technical GRC, IT audit, controls assurance, and cybersecurity compliance.
I'm interested in roles where governance needs to be traced through real systems, controls, and evidence.
Technical GRC / Internal Audit
Work focused on whether governance, controls, and compliance claims hold up in real technical systems.
Product Compliance / AI Governance
Work where regulation, product decisions, and technical evidence need to be brought into the same conversation.
IT Audit / Controls Assurance
Work that tests control design, operating reality, and the evidence needed to support assurance.
I'm also relevant for vendor-side solutions consulting and pre-sales roles in compliance, governance, and audit products where technical translation, trust, and business communication matter.
Connect on LinkedIn