IT Audit · Cybersecurity · GRC

William Asare Yirenkyi

Tech Audit, Cybersecurity and GRC CISA and CISM. ex-Big4. Creating clarity at the intersection of systems, security, and compliance.

currently · MSc IT Auditing and Cybersecurity at Temple Fox School of Business. Open to Tech audit and GRC roles.

  • NIST 800-53
  • FedRAMP
  • OSCAL
  • SOC 2
  • Python
  • Next.js
  • Supabase
  • AWS

Selected work

All projects
  • A multi-tenant SaaS that runs AI and ML governance audits end to end: scoping, control assessment across eight frameworks, findings, and remediation, backed by a tamper-evident audit trail.

    • AI Governance
    • NIST AI RMF
    • ISO 42001
    • GRC
    • SaaS
  • Multi-tenant SaaS for FedRAMP continuous monitoring: POA&M lifecycle, deviation requests, OSCAL deliverables, KEV sync, and tamper-evident audit logs. Next.js 15, Supabase with RLS, SAST / DAST CI.

    • FedRAMP
    • OSCAL
    • NIST 800-53
    • Continuous Monitoring
    • Multi-tenant
    • Next.js
    • Supabase
  • An AI-assisted IT audit and compliance workpaper platform that runs the full audit lifecycle across SOX ITGC, NIST 800-53, ISO 27001, PCI DSS, and NIST CSF 2.0, with audit defensibility enforced at the database layer.

    • IT Audit
    • SOX ITGC
    • NIST CSF
    • Workpapers
    • Next.js
  • An open-source tool that maps NIST SP 800-53 controls across overlays and baselines, links each control to its source paragraphs, and visualizes coverage against CSF 2.0.

    • NIST 800-53
    • OSCAL
    • Compliance
    • Tooling
  • A web app for IT auditors and GRC teams to build and manage risk registers: a guided assessment wizard, a 5x5 inherent and residual matrix, NIST CSF, ISO 27001 and SOX ITGC templates, and PDF and Excel export.

    • Risk Management
    • GRC
    • NIST CSF
    • ISO 27001
    • React
  • A Python toolkit that automates the repetitive parts of a security audit: port and service scanning, outdated-software and misconfiguration detection, password-policy checks, log analysis, and network mapping, producing structured, workpaper-ready findings.

    • Python
    • Security Audit
    • Vulnerability Assessment
    • Automation
    • ITGC

Recent writing

All writing

Four questions (and three more) I actually ask when reviewing an AI feature. Derived from NIST AI RMF, but written for engineers and PMs, not auditors.

Publications

All papers

Certifications

About
  • Certified Information Systems Auditor (CISA)

    ISACA · Sep 26, 2024

    Verify
    ISACA badge
  • Certified Information Security Manager (CISM)

    ISACA · Jan 10, 2025

    Verify
    ISACA badge
  • Junior Penetration Tester (eJPT)

    INE Security · Jul 1, 2024

    Verify
    INE Security badge
  • Certified Cloud Associate

    INE Security · Nov 1, 2024

    Verify
    INE Security badge
  • CompTIA Security+

    CompTIA · Nov 1, 2020

    Verify
    CompTIA badge

I’m a technology auditor and cybersecurity professional with experience across SOX ITGC, IT risk, and platform control reviews. My background includes years of experience at PwC in Risk Assurance and Cybersecurity, followed by independent IT audit work across Windows, UNIX, and core ITGC domains. I combine audit judgment with technical execution, building tools like AuditAI and AuditLens to improve control mapping, evidence quality, and audit defensibility across frameworks such as NIST AI RMF, ISO 42001, SOX ITGC, NIST 800-53, and CSF 2.0. I hold CISA, CISM, Security+, eJPT, and cloud certifications, and I am completing an MSc in IT Auditing and Cybersecurity at Temple University’s Fox School of Business with a 4.0 GPA.

Based in
Philadelphia, PA