Customer Trust & GRC Strategist
Ivy Warren
Carnegie Mellon M.S. | AWS Certified Cloud Practitioner
Building scalable compliance programs, enabling customer trust, and shaping AI governance at high-growth companies.
About
Get to Know Me
Professional
I’m energized by building and improving systems. In customer trust and compliance, that means creating structure, defining ownership, and designing scalable control frameworks that support both audit rigor and enterprise assurance.
I enjoy the strategy behind the work — mapping requirements, reducing complexity, and aligning cross-functional teams around clear execution. I value strong working relationships and believe the most effective trust and compliance programs are built through collaboration, transparency, and shared accountability.
For me, governance and customer trust aren’t just about passing audits — they’re about creating clarity, confidence, and long-term resilience in high-growth environments.
Personal
I’m based in Salt Lake City, where the mountains are a constant backdrop and reminder to step outside. I spend as much time as I can outdoors — hiking, playing pickleball, working out, or simply admiring the landscape and getting fresh air between projects.
Travel is another way I reset and stay inspired. I love experiencing new cities through their food, fashion, and culture, and I’m always planning the next trip. My favorite place I’ve visited is Seoul, South Korea — I was drawn to its vibrance, innovation, and the way tradition and technology coexist so seamlessly.
Whether I’m in the mountains or in a new country, I’m happiest when I’m exploring, learning, and building something new.
Approach
How I Think About the Work
My philosophy across three disciplines: governance architecture, trust enablement, and AI governance.
Governance & Compliance Architecture
I design compliance programs that scale. Rather than treating each framework as a silo, I build unified control architectures that map shared requirements across standards, reduce duplication, and create clear ownership. The goal is always a system that is audit-ready by default, not by scramble.
Customer Trust & Enterprise Enablement
I see trust as a revenue function, not just a checkbox. I build the infrastructure -- trust centers, questionnaire pipelines, standardized artifacts -- that lets security enable sales instead of slowing it down. Every enterprise deal should move faster because the trust story is already clear.
AI Governance & Automation
I work at the intersection of compliance and emerging technology. That means advising engineering on responsible AI practices, building governance frameworks for AI products, and using AI tools to automate the compliance work itself. The field is moving fast, and governance needs to keep pace.
Experience
Career Timeline
From security operations to governance leadership, each role has shaped how I approach compliance and trust.
Vercel
Governance, Risk, and Compliance Analyst
November 2024 — Present · Remote
Ridgeline Apps
Privacy, Risk, and Compliance Specialist II
June 2022 — November 2024
Arctic Wolf Networks
Intern – Security Analyst
November 2020 — February 2021 · Remote
Carnegie Mellon University
Intern – Security Engineer
June 2020 — August 2020 · Remote
Case Studies
Impact in Action
Problem
PCI DSS v4.0 was released with significant new requirements, and the organization needed to upgrade from the previous version to remain compliant and continue serving e-commerce customers.
Approach
Conducted a gap assessment against the new v4.0 standard, identified 40+ net new control requirements, and led implementation in collaboration with engineering and security teams to close every gap.
Outcome
Achieved PCI DSS v4.0 compliance on schedule, enabling continued support for e-commerce customers and unblocking enterprise deal flow.
Problem
Managing overlapping controls across SOC 2, ISO 27001, HIPAA, PCI DSS, TISAX, and ISO 42001 resulted in duplicated effort, inconsistent documentation, and audit fatigue.
Approach
Designed and built a unified Common Control Framework that maps shared requirements across all six standards into a single control set with clear ownership and evidence workflows.
Outcome
Reduced total control count by 50%, streamlined audit preparation, and significantly decreased cross-functional coordination overhead.
Problem
Enterprise prospects faced long security review cycles that delayed deal closures. Security questionnaire turnaround times were a recurring bottleneck.
Approach
Designed and launched a public Trust Center with SafeBase, created standardized trust artifacts, and built a streamlined questionnaire pipeline with pre-approved responses.
Outcome
Improved security questionnaire turnaround by 74% and directly supported over 1,000 enterprise deals through faster trust enablement.
Problem
Rapid adoption of AI features and third-party AI vendors introduced governance gaps around responsible AI, risk documentation, and ISO 42001 readiness.
Approach
Partnered with engineering leadership to define AI governance requirements aligned with ISO 42001, documented AI-specific risks, and established vendor review protocols for AI tooling.
Outcome
Positioned the organization for ISO 42001 certification while embedding responsible AI practices into product development and vendor management workflows.
Framework Expertise
Compliance Frameworks
Hands-on ownership of control design, audit walkthroughs, remediation strategy, and cross-functional compliance execution.
Tools & Technologies
Tech Stack
The platforms, languages, and security tools I use to build and operate compliance programs.
Contact