You are responsible for the infrastructure and operational controls behind a fleet-facing platform that supports connected assets, maintenance workflows, and employee access to operational systems. Several teams make changes across cloud infrastructure, endpoint configurations, and third-party integrations, and inconsistent control enforcement has started to create gaps in patching, access reviews, and audit evidence. Leadership wants confidence that safety-sensitive operations continue to meet internal standards and external compliance obligations without slowing down day-to-day execution.
How would you design and run a security-focused compliance program that keeps safety and operational standards continuously enforced across infrastructure and access workflows? Be specific about the controls, monitoring, ownership model, and how you would prove the program is working over time.