
Internal Audit

Internal Cybersecurity Audit

An internal assessment that reviewed security controls, documented gaps, and produced a prioritized remediation roadmap.

Organization: Cybersecurity Internship Portfolio
Duration: 3 weeks
Project Type: Internal Audit
NIST CSF, CIS Controls, ISO 27001

Business Context

Why the work mattered

The project simulated an internal security review for an organization seeking better visibility into control maturity. The emphasis was on practical evidence collection, clear findings, and remediation guidance suitable for management review.

Objectives

Engagement goals

  • Assess selected security controls against framework expectations.
  • Identify gaps in documentation, process, and accountability.
  • Prioritize findings by business risk.
  • Prepare a concise audit report for stakeholders.

Methodology

Structured process

The methodology explains how the work moved from context gathering to documented recommendations.

  1. Planning

    Define the audit scope and evidence expectations.

    Established control areas, assessment criteria, and documentation requirements.

  2. Evidence Review

    Determine whether controls were documented and operating as expected.

    Reviewed policy samples, access control practices, awareness evidence, and incident procedures.

  3. Gap Analysis

    Convert observations into actionable findings.

    Compared current state against NIST CSF and CIS Controls expectations.

  4. Reporting

    Communicate findings in a business-readable format.

    Prepared an executive summary, risk ratings, and remediation priorities.

Deliverables

Artifacts produced

Audit

Internal Audit Report

Structured report with scope, findings, risk ratings, and remediation recommendations.

Supports management decisions and future control improvement planning.

Risk Treatment

Remediation Roadmap

Prioritized list of corrective actions with owners, timelines, and expected outcomes.

Turns assessment findings into practical next steps.

Skills Demonstrated

Professional competencies

Internal Audit, Gap Analysis, Risk Reporting

Outcomes

Project impact

  • Control gaps were clearly categorized and prioritized.
  • Findings were connected to business impact and remediation urgency.
  • The report structure supported both technical review and executive scanning.

Lessons Learned

Professional growth

Audit value depends on evidence quality and clear communication.
Findings become more actionable when paired with realistic remediation ownership.

Related Projects

Continue exploring

Governance

Governance Policy Development

A structured policy development engagement aligning security expectations with business objectives and recognized frameworks.

ISO 27001, NIST CSF, CIS Controls
Policy Development, Control Mapping, Technical Writing

Risk Management

Enterprise Risk Assessment

A risk assessment project documenting assets, threats, likelihood, impact, and treatment options for management review.

CIS RAM, NIST CSF, ISO 27001
Risk Assessment, Risk Register, Business Impact Analysis

Vendor Risk

Third-Party Risk Assessment

A vendor review workflow covering due diligence, control questions, risk scoring, and onboarding recommendations.

NIST CSF, ISO 27001, CIS Controls
Vendor Assessment, Questionnaire Design, Risk Scoring

Discuss GRC opportunities

Contact Osen after reviewing this project or download the resume for a concise overview.