The story you work inside
One company. One story. One connected portfolio.
Inside the Studio, you become the first GRC analyst for TechFlow Solutions, a realistic cloud company with healthcare and financial services clients.
TechFlow has sensitive data, vendors, access issues, missing policies, audit pressure, and customers asking for security proof. Your job is to help it move from informal security practices to a structured, evidence-based GRC program.
Every artifact is built around the same case, so your portfolio tells one clear story instead of looking like disconnected worksheets.
The TechFlow brief
01Cloud analytics platform on AWS, ~150 clients across healthcare, financial services, and enterprise
02Holds PHI, financial records, card data, and customer PII β with no data classification
03Seven vendors, none security-checked; optional client sign-in; no written policies
04Clients demanding SOC 2 proof and HIPAA assurance β and no GRC program yet