Project Title: Strengthening Cybersecurity Governance & Incident Response at BambooHR

BambooHR

Details
Project Topics: Cybersecurity; Data Management; Information Technology (IT); Legal, Regulatory, Compliance; Operations; Organizational Culture; Quality Control
Project Synopsis: Challenge/Opportunity
As BambooHR continues to expand its footprint as a trusted provider of human resources software, ensuring the security, reliability, and compliance of its systems has never been more critical. The company is actively strengthening its governance, risk, and compliance (GRC) and incident response (IR) functions to better align with industry standards such as the NIST Cybersecurity Framework, ISO/IEC standards, and emerging AI governance protocols.

While BambooHR already operates a Security Operations Center (SOC), the company faces challenges in achieving consistent alignment between its policies, its day-to-day incident response practices, and evolving compliance requirements. Additionally, metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) are vital benchmarks for SOC performance but are not yet fully optimized.

This project provides an opportunity for students to analyze real-world cybersecurity workflows, propose alignment with frameworks and best practices, and help BambooHR strengthen both its preventative and responsive security posture. Students will not only benchmark current practices against global standards but also contribute to business continuity planning, incident response maturity, and strategic documentation improvements.

By engaging in this year-long project, students will experience the intersection of cybersecurity, compliance, and organizational change management—developing recommendations with both immediate operational impact and long-term strategic value.
Project Synopsis: Activities/Actions Required
  1. Analyze current BambooHR cybersecurity processes and workflows for GRC and IR functions.

  2. Benchmark BambooHR’s practices against NIST, ISO/IEC, and AI governance standards.

  3. Identify opportunities to improve SOC processes, including alert triaging, incident documentation, and maturity metrics.

  4. Propose a business continuity planning framework tailored to BambooHR’s essential services.

  5. Develop and present a roadmap of recommendations to align policies, processes, and incident response workflows with best practices.
Project Synopsis: Expected Results
By the end of the Fall semester, deliver a documented gap analysis that identifies at least 5 misalignments between BambooHR’s processes and industry standards.

By mid-Spring, produce a draft roadmap with prioritized recommendations that can reduce incident detection and response times by at least 20%.

By the end of the project, deliver a comprehensive GRC & IR toolkit—including workflows, metrics dashboards, and policy alignment recommendations—that is feasible for BambooHR to adopt within the next 12 months.
