Assess selected security controls against framework expectations.
Internal Audit
Internal Cybersecurity Audit
An internal assessment that reviewed security controls, documented gaps, and produced a prioritized remediation roadmap.
- Organization: Cybersecurity Internship Portfolio
- Duration: 3 weeks
- Project Type: Internal Audit
Business Context
Why the work mattered
The project simulated an internal security review for an organization seeking better visibility into control maturity. The emphasis was on practical evidence collection, clear findings, and remediation guidance suitable for management review.
Objectives
Engagement goals
Identify gaps in documentation, process, and accountability.
Prioritize findings by business risk.
Prepare a concise audit report for stakeholders.
Methodology
Structured process
The methodology explains how the work moved from context gathering to documented recommendations.
Step 1
Planning
Define the audit scope and evidence expectations.
Established control areas, assessment criteria, and documentation requirements.
Step 2
Evidence Review
Determine whether controls were documented and operating as expected.
Reviewed policy samples, access control practices, awareness evidence, and incident procedures.
Step 3
Gap Analysis
Convert observations into actionable findings.
Compared current state against NIST CSF and CIS Controls expectations.
Step 4
Reporting
Communicate findings in a business-readable format.
Prepared an executive summary, risk ratings, and remediation priorities.
Deliverables
Artifacts produced
Internal Audit Report
Structured report with scope, findings, risk ratings, and remediation recommendations.
Supports management decisions and future control improvement planning.
Remediation Roadmap
Prioritized list of corrective actions with owners, timelines, and expected outcomes.
Turns assessment findings into practical next steps.
Skills Demonstrated
Professional competencies
Outcomes
Project impact
- Control gaps were clearly categorized and prioritized.
- Findings were connected to business impact and remediation urgency.
- The report structure supported both technical review and executive scanning.
Lessons Learned
Professional growth