Michael Nichols

GRC Analyst | AWS Security | Cloud Compliance Specialist

Houston, TX | Open to Remote

About Me

I'm a cybersecurity professional with a strong foundation in compliance frameworks including SOC 2, HIPAA, and NIST CSF. I specialize in conducting security assessments, developing compliance documentation, and performing gap analyses to enhance organizational security posture. My experience spans coordinating compliance processes across stakeholders to support authorization readiness.

I'm actively developing technical skills in AWS security to transform traditional manual compliance operations into continuous monitoring solutions. I believe that effective security and compliance should enable organizations to move forward confidently while maintaining robust protection and regulatory adherence.

Throughout my career, I've successfully conducted assessments that have driven meaningful security improvements, from SOC 2 Type II readiness for Azure-hosted platforms to HIPAA Security Rule assessments for SaaS organizations. I'm passionate about bridging the gap between governance requirements and practical cloud security implementation.

Skills & Expertise

Cloud Platforms

AWS IAM, CloudTrail, CloudWatch, AWS Config, Security Hub, Lambda

Security & Compliance

SOC 2, HIPAA Security Rule, NIST CSF, AWS Foundational Best Practices, CIS Benchmarks

Tools & Technologies

AWS Identity Center (SSO), IAM Access Analyzer, Amazon Bedrock, Carbon Black Cloud, ServiceNow ITSM, Amazon SES

Programming/Scripting

Python (developing), Bash (developing), AWS Lambda functions

GRC Frameworks

SOC 2 Type II, HIPAA Security Rule, NIST Cybersecurity Framework, Risk Management Framework

Other Skills

Risk Assessment, Gap Analysis, Audit Support, Third-Party Risk Assessment, Access Control Management

Featured Projects

AWS Account Governance Lab

Built a comprehensive AWS account governance framework implementing security best practices and compliance controls. Secured root account with MFA, deployed IAM Identity Center (SSO) with role-based permission sets, and established continuous monitoring through CloudTrail and CloudWatch.

AWS, IAM Identity Center, CloudTrail, CloudWatch, AWS Config, Security Hub

Key Achievements:

  • Implemented role-based access control with IAM Identity Center for enterprise SSO
  • Configured CloudWatch alarms to detect root logins, sign-in failures, and IAM policy changes
  • Enabled automated compliance monitoring with AWS Config and Security Hub
  • Achieved compliance with AWS Foundational Best Practices and CIS benchmarks
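The detection logic behind the CloudWatch alarms listed above, as an added example that is not code from the lab itself: the three predicates below mirror the CIS AWS Foundations Benchmark metric filter patterns for root account usage, console sign-in failures, and IAM policy changes, so the matching rules can be exercised offline against CloudTrail-shaped events. The sample events are constructed (account ID, event IDs and names are placeholders).

```python
"""Offline check of CloudTrail alarm logic. Added example; the predicates mirror
the CIS AWS Foundations Benchmark metric filters, and the events are constructed."""

# eventName values that the CIS "IAM policy changes" metric filter matches on.
IAM_POLICY_CHANGE_EVENTS = {
    "DeleteGroupPolicy", "DeleteRolePolicy", "DeleteUserPolicy",
    "PutGroupPolicy", "PutRolePolicy", "PutUserPolicy",
    "CreatePolicy", "DeletePolicy", "CreatePolicyVersion", "DeletePolicyVersion",
    "AttachRolePolicy", "DetachRolePolicy", "AttachUserPolicy", "DetachUserPolicy",
    "AttachGroupPolicy", "DetachGroupPolicy",
}


def is_root_activity(event):
    """CIS root-usage filter: userIdentity.type = "Root" AND
    userIdentity.invokedBy NOT EXISTS AND eventType != "AwsServiceEvent".
    The invokedBy/eventType clauses exclude AWS services acting on the root
    identity's behalf, which would otherwise page the on-call for nothing."""
    identity = event.get("userIdentity", {})
    return (identity.get("type") == "Root"
            and "invokedBy" not in identity
            and event.get("eventType") != "AwsServiceEvent")


def is_console_signin_failure(event):
    """CIS filter: eventName = ConsoleLogin AND errorMessage = "Failed authentication"."""
    return (event.get("eventName") == "ConsoleLogin"
            and event.get("errorMessage") == "Failed authentication")


def is_iam_policy_change(event):
    """CIS filter: any of the policy create/delete/attach/detach event names."""
    return event.get("eventName") in IAM_POLICY_CHANGE_EVENTS


def classify_events(events):
    """Map each alarm name to the IDs of the events that would trip it."""
    matches = {"root_activity": [], "console_signin_failure": [], "iam_policy_change": []}
    for event in events:
        if is_root_activity(event):
            matches["root_activity"].append(event["eventID"])
        if is_console_signin_failure(event):
            matches["console_signin_failure"].append(event["eventID"])
        if is_iam_policy_change(event):
            matches["iam_policy_change"].append(event["eventID"])
    return matches


# Constructed CloudTrail-shaped events (placeholder account 123456789012).
SAMPLE_EVENTS = [
    {"eventID": "ev-1", "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "Root", "accountId": "123456789012"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "ev-2", "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "errorMessage": "Failed authentication"},
    {"eventID": "ev-3", "eventName": "AttachUserPolicy", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    # Root identity but invoked by a service: the CIS filter deliberately ignores it.
    {"eventID": "ev-4", "eventName": "DescribeTrails", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root", "invokedBy": "cloudtrail.amazonaws.com"}},
    {"eventID": "ev-5", "eventName": "DescribeInstances", "eventType": "AwsApiCall",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}},
]

if __name__ == "__main__":
    for alarm, ids in classify_events(SAMPLE_EVENTS).items():
        print(f"{alarm}: {ids}")
```

Running the block shows ev-1 tripping the root alarm, ev-2 the sign-in failure alarm, and ev-3 the policy-change alarm, while ev-4 (root identity invoked by a service) and ev-5 stay quiet; the same predicates, expressed as CloudWatch Logs filter patterns, are what the alarms evaluate on the trail's log group.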

AWS Automated Access Review Lab

Developed a serverless automation solution for recurring IAM access reviews that generates audit-ready CSV reports for continuous monitoring. Integrated Security Hub and IAM Access Analyzer to detect overly permissive roles, missing MFA configurations, and public resource exposure.

AWS Lambda, Security Hub, IAM Access Analyzer, Amazon SES, Amazon Bedrock, Python

Key Achievements:

  • Automated IAM access reviews reducing manual effort by 80%
  • Generated audit-ready compliance reports in CSV format
  • Implemented AI-powered executive summaries for SOC 2 audit support
  • Created continuous monitoring for overly permissive roles and MFA compliance
  • Enabled proactive detection of public resource exposure
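An offline version of the review pass described in this project, written as an added example rather than code from the lab: it reads a credential-report-style excerpt to find console users without MFA, walks role trust and permission policies to flag public trust principals and Action/Resource wildcards, and emits the findings as CSV. The IAM inventory, account ID and role names are constructed; the column names follow the IAM credential report layout, but the rows are not real data.

```python
"""Offline IAM access review producing an audit-ready CSV. Added example with a
constructed inventory; in the lab the same data would come from the IAM and
Security Hub APIs inside a Lambda function."""
import csv
import io

# Constructed excerpt using IAM credential report column names (placeholder account).
CREDENTIAL_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::123456789012:root,not_supported,true,false
alice,arn:aws:iam::123456789012:user/alice,true,true,true
bob,arn:aws:iam::123456789012:user/bob,true,false,true
svc-deploy,arn:aws:iam::123456789012:user/svc-deploy,false,false,true
"""

# Constructed roles: trust policy plus the documents of attached policies.
SAMPLE_ROLES = [
    {"RoleName": "AdminBreakGlass", "Arn": "arn:aws:iam::123456789012:role/AdminBreakGlass",
     "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"}}]},
     "AttachedPolicies": [{"PolicyName": "FullAdmin", "PolicyDocument": {"Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]},
    {"RoleName": "PublicDemoRole", "Arn": "arn:aws:iam::123456789012:role/PublicDemoRole",
     "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": "*"}]},
     "AttachedPolicies": [{"PolicyName": "ReadBucket", "PolicyDocument": {"Statement": [
         {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::demo/*"}]}}]},
    {"RoleName": "AppRole", "Arn": "arn:aws:iam::123456789012:role/AppRole",
     "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "lambda.amazonaws.com"}}]},
     "AttachedPolicies": [{"PolicyName": "Logs", "PolicyDocument": {"Statement": [
         {"Effect": "Allow", "Action": ["logs:PutLogEvents"], "Resource": "*"}]}}]},
]

FIELDS = ["resource", "check", "severity", "detail"]


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _finding(resource, check, severity, detail=""):
    return {"resource": resource, "check": check, "severity": severity, "detail": detail}


def _is_public_principal(principal):
    """Anyone-can-assume trust: Principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def review_users(report_text):
    """Flag users who can sign in to the console but have no MFA device.
    Users without a password (API-only, root row marked not_supported) are skipped."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append(_finding(row["arn"], "CONSOLE_USER_WITHOUT_MFA", "HIGH"))
    return findings


def review_roles(roles):
    """Flag unconditioned public trust policies and Action/Resource wildcard grants."""
    findings = []
    for role in roles:
        for stmt in _as_list(role["AssumeRolePolicyDocument"].get("Statement")):
            if (stmt.get("Effect") == "Allow" and _is_public_principal(stmt.get("Principal"))
                    and "Condition" not in stmt):
                findings.append(_finding(role["Arn"], "PUBLIC_TRUST_POLICY", "CRITICAL"))
        for policy in role.get("AttachedPolicies", []):
            for stmt in _as_list(policy["PolicyDocument"].get("Statement")):
                if (stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action"))
                        and "*" in _as_list(stmt.get("Resource"))):
                    findings.append(_finding(role["Arn"], "ADMIN_WILDCARD_POLICY", "HIGH",
                                             policy["PolicyName"]))
    return findings


def findings_to_csv(findings):
    """Serialise findings with a fixed header so reports diff cleanly between runs."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(findings)
    return buf.getvalue()


def run_review():
    return findings_to_csv(review_users(CREDENTIAL_REPORT) + review_roles(SAMPLE_ROLES))


if __name__ == "__main__":
    print(run_review(), end="")
```

The review deliberately ignores the `svc-deploy` user: it has no console password, so a missing MFA device is not a control failure for it, and flagging it would add audit noise. The `AppRole` policy uses `Resource: "*"` with a scoped action list, which is not an admin wildcard and is left alone; only the combination of `Action: "*"` and `Resource: "*"` is reported.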

SOC 2 Type II Readiness Assessment

Conducted a comprehensive SOC 2 Type II readiness assessment for an Azure-hosted Security Operations Center as a Service (SOC-as-a-Service) platform supporting Fortune 500 client expansion. Evaluated security controls, documented compliance gaps, and developed a remediation roadmap.

Microsoft Azure, SOC 2 Framework, Compliance Assessment

Key Achievements:

  • Completed full SOC 2 Type II readiness assessment for enterprise platform
  • Supported Fortune 500 client expansion initiative
  • Developed 12-14 month compliance roadmap
  • Coordinated assessment across multiple stakeholder groups
  • Identified and documented critical control gaps with prioritized remediation plan

Third-Party Risk Assessment - IaaS Vendor

Performed a comprehensive third-party risk assessment of a $2.4M Infrastructure as a Service (IaaS) vendor handling Personally Identifiable Information (PII) and Protected Health Information (PHI) for a telehealth platform.

SIG Lite Framework, SOC 2 Assessment, Risk Assessment

Key Achievements:

  • Assessed $2.4M vendor managing sensitive PII/PHI data
  • Reviewed SOC 2 audit reports and penetration test findings
  • Identified critical gaps in disaster recovery and access management controls
  • Delivered risk-based recommendations for vendor security improvements
  • Supported telehealth platform compliance with healthcare regulations

Certifications

AWS Certified Cloud Practitioner

Expected December 2025

Get In Touch

I'm always interested in discussing new opportunities in cybersecurity, compliance, and AWS security. Whether you're looking for expertise in SOC 2 assessments, HIPAA compliance, or AWS security architecture, I'd love to hear from you.

Location

Houston, TX | Open to Remote