For security and GRC professionals, navigating SOX compliance can often feel like walking a tightrope—balancing technical controls, auditor expectations, and organizational priorities. Collaboration between security teams and internal and external auditors that’s built around trust and partnership isn’t just a “nice-to-have”; it’s essential to a smooth and effective compliance process.
In this chat, DigitalOcean’s Senior Manager of Security Engineering, Heather Cannon, and IT Audit and Risk Manager, Zachary Nelson, share their tips on how to improve SOX audits for everyone involved by automating processes and building trust through effective partnership and communication.
Get both security and internal audit perspectives on:
- Building stronger auditor relationships
- Implementing controls to balance security and compliance goals
- Streamlining your SOX compliance program
- Addressing common compliance pitfalls that can lead to big security risks
About the speakers:
Heather Cannon, Security Engineering Leader at DigitalOcean
Heather Cannon is a Security Engineering leader at DigitalOcean, overseeing teams responsible for security engineering infrastructure, corporate security, governance, risk, and compliance. Her 14+ years of experience driving security initiatives include architecting and building security tools and infrastructure (on-premises and cloud), vulnerability management, privacy regulation implementation, and incident response at cloud services and SaaS companies.
Zach Nelson, IT Internal Audit & Risk Leader at DigitalOcean
Zach Nelson leads the IT Internal Audit & Risk practice at DigitalOcean, responsible for the company’s risk-based IT SOX program and enterprise risk management, in addition to operational reviews concerning a wide range of emerging IT risks and trends such as generative AI. He has had the privilege of interfacing business and IT teams to drive efficient and effective results in a variety of roles at growing technology businesses over the past 10+ years.