AI RISK GOVERNANCE & AUDIT

Skills — Governance & Assurance

• Policies & Controls: role/policy engine; approvals; output controls (block • redact • route • approve); escalation & separation of duties; change management.
• Compute-then-Narrate: calculators → JSON schemas → canonical templates → narration with fact-lock (no new numbers/dates); policy-styled composite deliverables.
• Evidence & Lineage: step-level Decision Trace (inputs, tool calls, policy hits, outputs); one-click evidence bundles; replay manifests.
• Determinism & Replay: idempotent handlers; budgets/timeouts; deterministic offline replays for audit/incident review.
• Data & Memory: MS SQL Server (schemas, SPs, replication), Weaviate vector memory, PII-aware redaction paths.
• Platform: Python (FastAPI), Node.js, WebSockets, Azure; Cloudflare DNS; multi-tenant portals; offline/air-gapped deployments.
• IoT → Cloud → Agent: LoRa/LTE gateways; Android (BLE/NFC); governed telemetry into agent workflows.
• Languages & Tools: Python, SQL, JavaScript, LabVIEW, Docker.

Experience

• Founder & Principal Engineer — Pegesis (AGS++) 2024–Present
  pegesis.com

  Designed and shipped a policy-first AGS with runtime approvals and output controls embedded inside execution. Outputs are governed deliverables: composite (tables + charts + narrative) or specialized visuals (e.g., weekly service heatmaps), enforced by policy at runtime.

  • Built a policy router + cognitive loop that detects intent & org, selects ags/clients/{org}/{domain}, inherits/merges rules, and enforces guardrails.
  • Implemented JSON-first schemas with fact-lock; narration cannot introduce unseen facts; violations are blocked or escalated.
  • Produced Decision Trace and an Evidence Pack (trace + policy hits + outputs + replay manifest) for deterministic offline re-runs.
  • Ensured secrets safety: sensitive fields (e.g., sessionToken, accessKeyId, token) masked from review while preserving lineage integrity.
• Founder — VSETA (IoT Ops; User-0 of Pegesis) 2015–Present
  vseta.com

  Operationalized controls across production sites: hourly policy checks, compliance dashboards, audit-ready timesheets, and automated alerts.

  • Pipeline: LoRa sensors → LTE gateways → Node/Azure APIs → MS-SQL → Pegesis agents; Android (BLE/NFC) & web portal.
  • Implemented PII-aware redaction and role/policy enforcement across capture, processing, and reporting.
• Software Specialist — BlackBerry 2006–2015

  Built global MS-SQL replication and lab automation (Audio Studio, LabVIEW robotics) used across Germany/China/US/Canada labs & manufacturing; multiple software patents.

Governance Signals (What Audit Cares About)

• Runtime control points: pre-release approval, redaction/routing, immutable logs.
• Evidence by default: Decision Trace captures input → tools → policies → output; exportable evidence bundles and replay manifests.
• Low-hallucination design: narration only from computed, schema-validated facts; violations blocked or escalated.
• Offline-ready: local LLMs, vector DB, and deterministic replay for air-gapped environments.

Architecture — Policy Router & Cognitive Loop

Intent & Org Detection: Cognitive loop extracts intent & organization, then the policy router selects ags/clients/{org}/{domain}, inheriting/merging relevant policies.

Enforcement: The merged policy governs calculators, data retrieval, redaction, output schemas, and presentation style. Outputs can be composite (analytics table + chart + summary) or specialized (e.g., heatmap for “report walmart service for last week”).

Secrets & Safety: Sensitive fields (e.g., sessionToken, accessKeyId, token) are masked and excluded from review trails while maintaining trace integrity.

• Policy selection: org/domain routing → inheritance/merge → runtime guardrails.
• Output schemas: JSON-first results validated before any narration.
• Approvals & SoD: pre-release approval gates with escalation paths.

Decision Trace & Evidence (Proof, not promises)

• Trace items: inputs, tool calls, policy hits, outputs, and any redactions or blocks.
• Evidence pack: one-click export including replay manifest for deterministic offline re-runs.
• Outcome styles: composite reports (tables + charts + narrative) and single-visual outputs (e.g., heatmaps) based on policy.

Target Roles — RBC

Targeting roles that require governance-by-design, runtime controls, and strong auditability for AI systems.

What I Bring

• Policy-first runtime: guardrails applied during compute, not after.
• Evidence by default: decision logs suitable for audit and replay.
• Composite outputs: consistent, policy-styled deliverables (reports, heatmaps) proven in live demos.

Projects

• Pegesis (AGS++)

  Compute-then-narrate; runtime approvals; output controls; Decision Trace; Weaviate memory; offline deployments.

• VSETA IoT

  Sensors/gateways → APIs/DB → Pegesis agents. Deterministic, policy-gated compliance analytics.

• Evidence Pack

  One-click export: traces, policy hits, schema’d outputs, replay manifest — for rapid audits and incident reviews.

Resume — AI Risk Governance & Audit

Targeting roles that require controls, evidence, explainability, and safe enablement of AI at scale.

Contact