Shayl Taveras

IT Systems Compliance Engineer

Florida Blue Cross Blue Shield

New Jersey, USA

About Me

My path into GRC wasn't a straight line, and that's what makes it useful. I started in eDiscovery supporting litigation data operations for Merck and Johnson & Johnson, where I learned how organizations manage sensitive data under legal scrutiny. From there I moved through a data center role at Nasdaq and network operations at Verizon Wireless, building a foundation in infrastructure and systems that most compliance professionals never have.

Experience Highlights

  • My first compliance exposure came at Syntax, a SaaS company navigating PCI-DSS and SOC I/II audits. Being part of the team that helped prepare for those assessments showed me how much manual effort goes into evidence collection, and how much of it shouldn't be manual at all. That's what pulled me fully into the GRC engineering space.
  • Since then I've worked primarily in the NIST and FedRAMP compliance space across federal, DoD, and healthcare environments. My current role has expanded that into SOC I/II, HITRUST, and PCI-DSS. My goal is to make continuous compliance the default and build the tooling that lets organizations walk into any audit confident their controls will hold.

Get in Touch

shayl.taveras@gmail.com https://www.linkedin.com/in/shayltaveras/

Specializations

Audit & Assurance, Cloud Security, Compliance Automation, Privacy, Risk Management, Security Governance, Vulnerability Management, AI Governance, Cloud Governance

Languages & Tools

Bash, OSCAL, Python, Terraform

Frameworks

CMMC, FedRAMP, GovRAMP, HIPAA, HITRUST, ISO 27001, NIST 800-53, NIST 800-171, NIST RMF, PCI-DSS, SOC 2

Certifications

CISSP, CISA, CEH, Linux+, CySA+