GRC · AUDIT · COMPLIANCE · SHIPPED SOLO

Rishabh Arora

“I audit compliance for a living. So I built the platform I wished my clients had.”

I have led 100+ SOC 2 audits and currently manage 30–40 parallel audits as Client Engagement Manager at A-LIGN. I've turned that frontline regulatory experience into House of GRC: a complete, free toolkit of assessment calculators, policies, and a flagship agentic SOC 2 platform named Veris AI.

100+ Audits Led30+ Tools ShippedCISA CredentialsSolo Build
0+
Audits Led
00
Run in Parallel
0
Tier-1 Firms
Scroll
SOC 2 Type I & II
ISO 27001
FedRAMP
SOX ITGC
ISO 42001
CISA
CLOUD SECURITY
AI GOVERNANCE
SOC 2 Type I & II
ISO 27001
FedRAMP
SOX ITGC
ISO 42001
CISA
CLOUD SECURITY
AI GOVERNANCE
01 — The idea

Readiness was a black box.

In leading over a hundred compliance audits, I watched the exact same story play out again and again. The gap was never the auditor's final finding — it was the fact that internal engineering teams had absolutely no idea where they stood before the audit fieldwork actually started.

Readiness checkups were either locked behind expensive, manual consultancy retainers or flattened into simple spreadsheet checklists that missed actual technical system boundaries.

So I started building the software tools I wished my own clients had at their disposal. What began as a series of simple calculators soon turned into an integrated, end-to-end framework catalog and platform: House of GRC.

02 — The flagship

Meet Veris AI.

Our flagship agentic compliance engine. Four specialized AI agents that autonomously prep your infrastructure, policies, and logs so you walk into audits fully ready.

Flagship Product

Veris AI Workspace

Agentic SOC 2 Readiness with automated boundary analysis and controls matching.

Explore Veris AI

ATLAS

Scopes your Trust Services Criteria (TSC) boundary based on your cloud architecture.

THEMIS

Drafts complete, auditor-ready policy manuals customized for your engineering stack.

VERITAS

Verifies and scores evidence files, verifying checklists before submitting to your auditor.

AEGIS

Guards security posture by continuously monitoring vendor and risk registers.

03 — The platform

House of GRC Toolkit.

Veris AI is our flagship product workspace. House of GRC is the umbrella that holds it — including our entire catalog of free compliance tools and reference guides.

Free

Self-Assessment

Scenarios engine mapping Trust Services Criteria boundaries with instant scoring and gap lists.

Run assessment
Free

Policy Generator

Interactive engine to customize and draft complete policy manuals and export in editor formats.

Draft policies
Free

Framework Mapper

Map common security controls from SOC 2 criteria to ISO 27001:2022 and federal standards.

Map controls
Free

21 Framework Guides

Deep guides for security frameworks (SOC 2, ISO 27001, HIPAA, GDPR, ISO 42001, CMMC).

Read guides
Free

GRC Jobs Board

Curated feed of remote and global security compliance and IT audit vacancies.

View vacancies
Free

Regulatory News

Real-time aggregated compliance news regarding security bulletins, CERT-In, and AI acts.

Read news
04 — How I build

Coding the controls.

I built this entire 30-route platform solo during nights and weekends, utilizing AI as a high-velocity pair-programmer.

GRC domain expertise is my engineering moat. Because I understand the requirements of auditors in detail, I am able to draft the precise compliance rules and write the code that enforces them.

Step 01

Domain Expertise

We start with real regulatory requirements and field experience.

Step 02

AI Pair-Programming

Write, refactor, and compile complex web structures at speed.

Step 03

One Prompt at a Time

Break down large requirements into atomic functional additions.

Step 04

Auditor Code Review

I manually audit and test every single line before it ships.

05 — The auditor

Backed by real experience.

From advisory audits for tech enterprises to first-line defensive controls inside global payment gateways.

Client Engagement ManagerJan 2026 – Present
A-LIGN India · Service Delivery

Lead 100+ audits and manage 30–40 parallel SOC 2 compliance engagements. Act as the primary technical point of contact across the full audit lifecycle.

Manager, Service Delivery SOC 2May 2025 – Jan 2026
A-LIGN India

Supervised teams of 15+ staff and senior GRC consultants, conducting quality reviews, establishing scoping baselines, and assuring deliverables.

Associate Manager & Senior ConsultantNov 2022 – May 2025
A-LIGN India

Planned and executed SOC 2, FISMA, and FedRAMP security audits. Leveraged automated tools (Vanta, Drata) to reduce compliance client overhead.

Information Security Analyst 3Apr 2021 – Nov 2022
PayPal · First Line of Defense

Designed test plans and conducted logical access & change management validation for PayPal's ITGC SOX framework.

Advisory Analyst & Solution AdvisorJun 2018 – Apr 2021
Deloitte & Touche AERS

Conducted SOC 1, SOC 2, and SOX IT audits for Fortune 500 tech systems. Directed SOC 2 readiness for blockchain, crypto-wallet, and investment firms.

Six Tested Domains

01

SOC 2 Type I & II

Managed 100+ audits. I know where engineering teams lose weeks on evidence collection, how controls break, and how to prep in under 90 days.

02

ISO 27001

Certified ISMS Lead Auditor. Gap analysis, Stage 1/2 preparation, and Annex A control mapping. Coordinates ISO framework alignment with SOC 2 boundaries.

03

FedRAMP & FISMA

NIST SP 800-53 Rev 5 federal security controls mapping, SSP preparation, and continuous monitoring (ConMon) guidelines for government vendors.

04

SOX ITGC

Tested IT General Controls from within PayPal's FLOD logical access, change authority and operations. I know exactly what auditors test during fieldwork.

05

Cloud Security

CCSK and AWS certified. Cloud infrastructure IAM review, boundary segmentation, encryption keys, and log aggregation checks.

06

AI Governance

ISO 42001 Lead Auditor. Annex A AI-specific operations scoping, algorithmic safety boundaries, and risk registers under the EU AI Act framework.

Credentials & Certifications

🔍
CISA
ISACA · IT Auditor
🔐
ISO 27001 Lead Auditor
PECB · ISMS Certified
☁️
CCSK v.4
Cloud Security Alliance
🤖
ISO 42001 Lead Auditor
Exemplar Global · AI Audit
🛡️
Certified in Cybersecurity
ISC² · Security Operations
🟠
AWS Certified Practitioner
Amazon Web Services
🔷
Azure Fundamentals
Microsoft · AZ-900
📊
Azure Data Fundamentals
Microsoft · DP-900
8Active Credentials
Notable achievementsFinalist SRCC Launchpad (Top 15 out of 500+). Recipient of ₹4,00,000 national ministry academic scholarship. Top 0.1 percentile CBSE.
EducationB.Tech in Computer Science · JIIT Noida
Contact

Let's talk.

Whether you need to organize a full SOC 2 engagement, complete a readiness scoping call, or explore custom dashboard capabilities — let's schedule a meeting.

© 2026 · New Delhi, IndiaCISA · ISO 27001 LA · ISO 42001 LA · CCSK · AWS · ISC²

House of GRC is independently operated as an educational and technical resource. The platform is not affiliated with, sponsored by, or partner-representative of any audit firm (including current or past employers). Use of this resource does not establish or guarantee audit report compliance results.