A multi-tenant SaaS that runs AI and ML governance audits end to end: scoping, control assessment across eight frameworks, findings, and remediation, backed by a tamper-evident audit trail.
- AI Governance
- NIST AI RMF
- ISO 42001
- GRC
- SaaS
IT Audit · Cybersecurity · GRC Engineering
Tech Audit, Cybersecurity and GRC. CISA and CISM. ex-Big4. Building audit platforms at the intersection of compliance and code.
currently · MSc IT Auditing and Cybersecurity at Temple Fox School of Business. Open to Tech audit and GRC roles.
An AI-assisted IT audit and compliance workpaper platform that runs the full audit lifecycle across SOX ITGC, NIST 800-53, ISO 27001, PCI DSS, and NIST CSF 2.0, with audit defensibility enforced at the database layer.
An open-source tool that maps NIST SP 800-53 controls across overlays and baselines, links each control to its source paragraphs, and visualizes coverage against CSF 2.0.
A web app for IT auditors and GRC teams to build and manage risk registers: a guided assessment wizard, a 5x5 inherent and residual matrix, NIST CSF, ISO 27001 and SOX ITGC templates, and PDF and Excel export.

A Python toolkit that automates the repetitive parts of a security audit: port and service scanning, outdated-software and misconfiguration detection, password-policy checks, log analysis, and network mapping, producing structured, workpaper-ready findings.

An interactive tool that turns phishing risk into a dollar figure: it scores exposure, projects three-year ROI on security awareness training, and exports a presentation-ready business case for CISOs and security leaders defending a budget.
Workpapers fail when the next auditor cannot reconstruct your thinking. A seven-section structure that ports beyond audit to engineering postmortems and product specs.
FedRAMP Moderate is 325 controls and a long list of GRC vendors. You can get to a credible readiness statement on a laptop, with three tools, in a few weeks.
Four questions (and three more) I actually ask when reviewing an AI feature. Derived from NIST AI RMF, but written for engineers and PMs, not auditors.
William Asare Yirenkyi · Sarcouncil





I am a technology auditor and cybersecurity professional with years leading internal control evaluations, IT risk assessments and audit execution. I spent three years at PwC in Risk Assurance and Cybersecurity covering SOX ITGC, SOC, and PCI DSS engagements, then a year and a half as an independent IT auditor running ITGC and Windows and UNIX platform reviews. What sets my work apart is that I ship the tooling, not just the workpaper. I build production audit platforms (AuditAI and AuditLens) that map controls across NIST AI RMF, ISO 42001, SOX ITGC, NIST 800-53, and CSF 2.0, and enforce audit defensibility at the database layer. I hold CISA, CISM, eJPT, the INE Certified Cloud Associate, and CompTIA Security+, and I am completing an MSc in IT Auditing and Cybersecurity at Temple's Fox School of Business (GPA 4.0, Dean's List, ISACA Philadelphia Chapter Scholar).