I specialise in technical risk at the intersection of Identity Governance (IGA) and emerging regulations, specifically DORA and the EU AI Act. My work focuses on helping organisations transition from legacy manual controls to robust, audit-ready automated environments.

- Auditing the transition from manual spreadsheet-based reviews to automated security platforms such as CyberArk and Veza. I am particularly interested in the logic required to maintain population integrity during these migrations.
- Developing control-mapping frameworks for ICT Third-Party Risk and Operational Resilience. I focus on how the Digital Operational Resilience Act redefines the audit requirements for critical technology service providers.
- Developing audit programmes for Artificial Intelligence 'Identity and Access' to ensure model integrity and control over training data access.

- Risk-based audit programmes designed for automated identity tools, focusing on IPE (Information Produced by Entity) and query logic validation.
- Mappings of NIST and ISO standards to the requirements of the Digital Operational Resilience Act, specifically focusing on the third-party risk pillar.
- Synthetic model cards and access logs used for auditing Artificial Intelligence environments to demonstrate control over model weights and data sensitivity.

All materials in this repository have been fully anonymised, restructured, and utilise synthetic data. No content originates from a live client engagement or proprietary internal system. These documents represent my personal methodologies and professional viewpoint on industry best practices.
- LinkedIn: linkedin.com/in/layla-b-3470a31b8
- Focus areas: ITGC, Identity Governance, CyberArk, DORA Compliance, AI Risk, Operational Resilience.

