Open to opportunities

Grace Montenegro

@gracemontenegro

Message

IT Auditor with expertise in ISO 27001 and SOC 2 compliance.

Ecuador

Message

What I'm looking for

I seek a role that fosters growth in IT audit and governance, emphasizing collaboration and continuous improvement.

I'm an IT Auditor with a solid foundation in supporting and auditing secure environments, particularly under ISO 27001 frameworks. My experience includes contributing to recertification efforts, conducting internal audits, and performing access reviews. Currently, I am deepening my knowledge in SOC 2 and other compliance frameworks, driven by a strong motivation to grow in IT audit and governance roles.

In my role at Stack Builders, I have successfully driven security initiatives that resulted in a measurable reduction in yearly non-conformities, significantly strengthening the company’s compliance posture. I led IT and support initiatives that automated workflows, reducing manual endpoint configuration by 70%. My strong communication and collaboration skills enable me to work effectively with cross-functional teams, translating complex issues into actionable items with a continuous improvement mindset.

My technical expertise includes vulnerability tracking and remediation in cloud environments, where I improved yearly resolution time by 20%. I have also performed web application security audits, identifying vulnerabilities aligned with the OWASP Top 10, which enhanced our security posture and contributed to ISO 27001 compliance. I am committed to leveraging my skills and knowledge to further advance in the field of IT audit and governance.

Experience

Work history, roles, and key accomplishments

Current

IT and Security Technician

Current

Stack Builders

Jan 2024 - Present (1 year 5 months)

Drove security initiatives aligned with ISO 27001, contributing to a measurable reduction in yearly non-conformities and strengthening Stack Builders’ overall compliance posture. Led IT and support initiatives to improve the company-wide support experience; automated workflows that reduced manual endpoint configuration by 70%, and proactively identified and implemented solutions to process ineffic

ISO 27001 IT Support Workflow Automation Cross Functional Collaboration Vulnerability Management Root Cause Analysis Incident Management Endpoint Security

DevOps - SRE

Stack Builders

Jan 2021 - Dec 2023 (2 years 11 months)

Provisioned and managed EC2 instances, S3 storage, and IAM roles in AWS, ensuring secure access control and environment isolation for development and testing workloads. Reduced risk and technical debt by scripting automation tasks and refactoring cloud server configurations, improving the consistency, reliability, and maintainability of cloud infrastructure.

AWS EC2 S3 IAM Cloud Security Scripting Cloud Infrastructure Server Performance Root Cause Analysis Platform Stability

Education

Degrees, certifications, and relevant coursework

UNIR

Master ’s in Cybersecurity, Cybersecurity

Currently pursuing a Master's degree in Cybersecurity, deepening knowledge in various compliance frameworks including SOC 2. This program focuses on advanced cybersecurity concepts and practices.