// PROFILE
Where AI meets Security & Trust.

I'm a former Maryland public-sector IT security auditor turned enterprise GRC lead, AI builder, and SaaS founder. The path has been a little unusual: state audits across agencies, school systems, and universities — including DoIT and MHBE — then corporate finance at T. Rowe Price, then fast-moving tech at DoorDash. These days I build AI-native tools, automate the boring parts of compliance, and try to make security work feel less like paperwork and more like a system that actually helps people.

Claude Code Subagents | Maryland Public-Sector IT Audit | State Agencies · Schools · Universities | AI-Assisted Automation | IT GRC | Third-Party Risk | EU AI Act | CISA Certified | SOX · SOC1 · SOC2 | SaaS Founder | Finance-to-Tech Operator | Builder Mindset

  • 9+ Years in Security & Compliance
  • 3 Sectors: Government · Finance · Tech
  • 21 Public OLA Audit Reports

// OPERATING STYLE

Calm, high-ownership, and practical. I like clear expectations, useful systems, and teams that can move quickly without manufacturing unnecessary chaos. My best work happens where security, compliance, and product thinking meet — take the messy workflow, understand the risk, then build something cleaner.

// WORK HISTORY
Experience
DoorDash Dec 2024 – Present
Technology Security GRC
Fast Tech | TPRM | Access Governance | AI Automation
  • Drove end-to-end process automation in Security Engineering using AI-assisted development tools, cutting Time-to-Compliance and improving auditability.
  • Managed full lifecycle of Third-Party Risk Management — continuous monitoring, risk assessments, and secure vendor offboarding.
  • Supported the Access Governance program — authoring policies, integrating new IAM providers, and streamlining user access recertifications.
  • Collaborated cross-functionally to standardize TPRM workflows with procurement and legal, improving business efficiency at scale.
T. Rowe Price Nov 2019 – Dec 2024 · 5 yrs
Senior BA → Manager, Technology Compliance & Risk
Corporate Finance | Privacy Lead | SOX / SOC | UAR Automation
  • Privacy Lead for Global Technology — drove data protection strategy across the enterprise.
  • Owned SOX, SOC 1, and SOC 2 compliance programs, coordinating audits and evidence collection across engineering teams.
  • Pioneered UAR automation — reducing manual recertification effort significantly through workflow automation.
  • Managed GRC tooling and governance frameworks for one of the largest asset management firms in the world.
Maryland Office of Legislative Audits Jun 2017 – Oct 2019
Information Systems Auditor I → II → III / Senior Auditor
21 Public Reports | State Agencies | Universities | K-12 Systems
  • Planned and conducted ITGC and network security audits across Maryland government agencies, local school systems, and universities, including large agency environments such as DoIT and MHBE.
  • Reviewed firewalls, routers/switches, Windows environments, cloud computing, IDPS, malware controls, SECaaS, vulnerability assessments, VPNs, wireless, and PII/Data Protection initiatives.
  • Prepared formal audit findings and recommendations, evaluated compensating controls and remediation paths, and served as senior auditor on public reports entered into the public record.
Linganore Technologies 2026 – Present
Founder
AI-Native Studio | SaaS Products | Internal Tools | Claude · Cursor · Codex
  • Building AI-native products and internal systems — from compliance tooling and research platforms to public-facing sites and workflow automation.
  • Shipping fast with Claude Code, Cursor, Codex, and agent workflows — a solo founder moving at a small-team pace.
  • Applying audit rigor and systems thinking from government and enterprise GRC into a broader product and technology practice.
// CAPABILITIES
Skills & Certifications

AI & Automation

  • Claude Code Subagents: Daily driver
  • AI-Assisted Dev Tools: Daily driver
  • Process Automation: Enterprise scale
  • AI Risk & Governance: Cert-backed

Security & Compliance

  • IT GRC: 9+ yrs
  • Third-Party Risk Mgmt: Current role
  • SOX / SOC1 / SOC2: Program owner
  • Data Privacy & TPRM: Privacy lead

Audit & ITGC

  • Network Security Audit: 21 reports
  • ITGC / Findings Writing: Public record
  • Access Governance / IAM: Hands-on
  • PII / Data Protection: Multi-sector

Product & Builder

  • SaaS Development (AI-assisted): Founder
  • Workflow & Systems Design: Cross-domain
  • Cross-functional Stakeholder Mgmt: Gov · Fin · Tech
  • Technical Writing & Documentation: Audit + GRC
// CERTIFICATIONS
  • CISA: Certified Information Systems Auditor · ISACA
  • CompTIA Security+: CompTIA
  • EU AI Act: AI Regulatory Compliance
  • Building a Responsible AI Program: AI Governance & Ethics
  • Fundamentals of AI & ML: Machine Learning Foundations
  • The AI Regulatory Landscape in the U.S.: Policy & Compliance
// FOUNDER CHAPTER
Linganore Technologies

Linganore Technologies is an independent studio building software, internal operating systems, and public-facing tools. Security and compliance are a major lane (it's where the domain depth lives), but the work spans research platforms, workflow automation, and full-stack product development.

What We Build

SaaS products for compliance and security teams. Internal tools for practitioners and founders — workflow automation, research platforms, and ops tooling. Public sites and interactive profiles. Automation that turns weeks of manual work into hours.

Stack

Claude Code, Cursor, and Codex for development and iteration. AI agent workflows for research, content, and ops. Python and modern web for shipping. Documented well, tested against real-world scenarios — not demo-ware.

Where Depth Shows Up

GRC and audit aren't the only things we build — but they're where the unfair advantage is. 9+ years across government audit, global asset management, and fast-moving tech means products land with real practitioner judgment, not generic AI wrappers.

Operating Model

Solo founder, small-team output. Ship fast, iterate in public where it makes sense, keep internal systems private. The same AI-native stack powers everything — customer products, public profiles, and internal systems.

// BUILDER NOTE

Linganore Technologies is an AI-native product studio — SaaS, automation, and public-facing tools built with Claude Code, Cursor, Codex, and agent workflows. GRC depth is the moat; the portfolio is broader than compliance alone.
