A focused case study connecting my fintech operations, automation, and compliance work to typical product and G&A needs at high-growth financial-technology companies.
Fintech teams operate across payments, invoicing, collections, and sensitive PII/PCI data flows. This mini-repo outlines how I apply secure-by-default practices and automation to enable small, fast teams without sacrificing controls.

- Fintech DNA: Led IT, security operations, and PCI DSS 4.0.1 certification at a payments company (policy authoring, evidence automation, auditor interface).
- Automation Culture: Built HR/SaaS provisioning, ticket intake, and documentation pipelines that scale without headcount.
- Compliance as a Feature: Established quarterly evidence runs and a living control matrix that map to PCI DSS and SOC 2.

- Assess & Stabilize: inventory systems, map data flows (payments, PII), review CA policies, SLAs, and incident runbooks
- Automate the Basics: HR onboarding/offboarding, Slack→Jira intake, KB refresh with Confluence
- Compliance Backbone: quarterly evidence runs, PCI→SOC 2 mapping, living control matrix
- Ops Metrics: weekly dashboards (SLA, endpoint health, auth anomalies, change volume)

- Time-to-ready for new hires
- SLA adherence + MTTR
- Audit prep time and re-request rate
- Auth anomalies per 1k users (downward trend)
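The "auth anomalies per 1k users" KPI above is only useful if the anomaly rule and the denominator are defined the same way every week. The following is an added example, not code from this repo or from the author's dashboards: it applies two simple, explainable rules (a burst of failed logins within a short window, and successful logins from two countries within an hour) to a constructed authentication log, normalizes the count per 1,000 active users, and checks whether a series of weekly rates is trending downward. The thresholds, field names and sample events are all assumptions chosen for illustration.

```python
"""Added example (not from the original repo): computes the 'auth anomalies
per 1k users' KPI from a constructed authentication log.

Rules (assumed for illustration, tune to your own environment):
  * failure_burst: >= FAIL_THRESHOLD failed logins inside FAIL_WINDOW
  * impossible_travel: two successful logins from different countries
    inside TRAVEL_WINDOW
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data). Fields: ts, user, result, country.
SAMPLE_EVENTS = [
    ("2024-03-04T09:00:00", "alice", "success", "US"),   # normal
    ("2024-03-04T13:10:00", "alice", "success", "US"),
    ("2024-03-04T02:00:00", "bob", "failure", "US"),     # burst of failures
    ("2024-03-04T02:00:20", "bob", "failure", "US"),
    ("2024-03-04T02:00:40", "bob", "failure", "US"),
    ("2024-03-04T02:01:00", "bob", "failure", "US"),
    ("2024-03-04T02:01:20", "bob", "failure", "US"),
    ("2024-03-04T02:02:00", "bob", "success", "US"),
    ("2024-03-04T10:00:00", "carol", "success", "US"),   # US -> DE in 30 min
    ("2024-03-04T10:30:00", "carol", "success", "DE"),
    ("2024-03-04T10:00:00", "dave", "success", "US"),    # US -> GB a day later: fine
    ("2024-03-05T12:00:00", "dave", "success", "GB"),
    ("2024-03-04T08:00:00", "eve", "success", "US"),     # padding for the population
    ("2024-03-04T08:00:00", "frank", "success", "US"),
    ("2024-03-04T08:00:00", "grace", "success", "US"),
    ("2024-03-04T08:00:00", "heidi", "success", "US"),
]

FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=10)
TRAVEL_WINDOW = timedelta(hours=1)


def parse_events(rows):
    """Group (timestamp, result, country) tuples by user, sorted by time."""
    events = defaultdict(list)
    for ts, user, result, country in rows:
        events[user].append((datetime.fromisoformat(ts), result, country))
    for user in events:
        events[user].sort()
    return events


def failure_burst(evs):
    """True if FAIL_THRESHOLD failures fall inside any FAIL_WINDOW span."""
    fails = [t for t, r, _ in evs if r == "failure"]
    for i in range(len(fails)):
        j = i + FAIL_THRESHOLD - 1
        if j < len(fails) and fails[j] - fails[i] <= FAIL_WINDOW:
            return True
    return False


def impossible_travel(evs):
    """True if consecutive successes come from different countries within TRAVEL_WINDOW."""
    succ = [(t, c) for t, r, c in evs if r == "success"]
    for (t1, c1), (t2, c2) in zip(succ, succ[1:]):
        if c1 != c2 and t2 - t1 <= TRAVEL_WINDOW:
            return True
    return False


def flag_anomalies(rows):
    """Return {user: [reasons]} for every user that trips at least one rule."""
    flagged = {}
    for user, evs in parse_events(rows).items():
        reasons = []
        if failure_burst(evs):
            reasons.append("failure_burst")
        if impossible_travel(evs):
            reasons.append("impossible_travel")
        if reasons:
            flagged[user] = reasons
    return flagged


def anomalies_per_1k_users(rows):
    """Flagged users normalized per 1,000 active users (users with any event)."""
    active = len(parse_events(rows))
    if active == 0:
        return 0.0
    return round(len(flag_anomalies(rows)) * 1000 / active, 1)


def trend_is_downward(weekly_rates):
    """True when no week's rate exceeds the previous week's."""
    return all(b <= a for a, b in zip(weekly_rates, weekly_rates[1:]))


if __name__ == "__main__":
    print(flag_anomalies(SAMPLE_EVENTS))
    print("per 1k users:", anomalies_per_1k_users(SAMPLE_EVENTS))
```

In a real dashboard the events would be bucketed by week before calling `anomalies_per_1k_users`, so that the denominator is that week's active users; the rules are deliberately simple so an auditor can read them, and the reason list per user is what gets attached to the evidence run rather than the raw log.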

- ChatGPT Pro: summarize audit logs and change tickets into auditor-friendly narratives
- Claude: rewrite SOPs in plain English; generate user-facing KB drafts
- Gemini: quick control-mapping checks and cross-references

- Sample quarterly evidence plan
- Control matrix snippet (PCI→SOC 2)
- Onboarding checklist + Jira workflow diagram (redacted)

“Fintech focus, automation-first, and compliance-ready operations — with measurable SLA and audit outcomes.”
MIT — see LICENSE.