Sunny Kapoor

Principal, AI Governance & Platform

sunny.kapoor.pm@gmail.com · LinkedIn · GitHub · Google Scholar

Summary

12+ years shipping security and reliability-critical product in regulated environments. Built Civic Charter (government-native AI governance: intake, risk classification, routing, launch gates, audit) and G8TED (open framework for governed autonomy—typed actions, policy gating, proof—adopted by 8 teams). Execution-focused: backlog health, release readiness, predictable delivery. Deep in IAM, RBAC, audit, WAF, evidence-grade governance; partners at technical depth with eng and UX; communicates clearly with legislators, execs, and customers.

Experience

  • Principal, AI Governance 2025 – Present

    Civic Charter

    • Built government-native system of record for public-sector AI governance (LLM, generative, agentic): intake, risk classification, reviewer routing, launch gates, audit trail, artifact generation; human-in-the-loop throughout.
    • Designed product architecture for agency submit → classify → review → approve → disclose across legal, privacy, security, procurement; audit-ready evidence for high-risk use cases.
    • Translated policy requirements into tiered review workflows and practitioner-facing controls; drove strategy at intersection of AI governance, public-sector ops, and compliance.
  • Creator and Maintainer, Open Framework for Governed SOC Autonomy 2024 – Present

    G8TED

    • Created vendor-neutral framework for governed SOC and agentic systems: typed security actions, autonomy modes (shadow, assist, autopilot), policy gating, evidence requirements.
    • Published reference patterns for policy gating, proof generation, safe execution; teams use G8TED to operationalize governed automation and human-in-the-loop security workflows.
    • Adopted by 8 teams as a reference model for autonomy governance.
  • Founder and CEO, Wildster 2020 – Present

    Youth sports and creative arts marketplace platform

    • Built vertical SaaS and marketplace for youth sports and creative arts: classes, scheduling, billing, CRM, messaging, analytics, multi-location ops.
    • Led product and trust & safety from 0 to 1: security foundations on AWS (least-privilege IAM, Terraform IaC, encryption, environment isolation); productized verification—onboarding, background checks, renewal reminders, policy-enforced communications.
    • Delivered booking, cancellations, refunds, disputes, and operational controls; integrated payments and payouts with RBAC and audit logs. Scaled to ~900 coaches onboarded lifetime, ~180 active in peak months.
    • Shipped Poppy (LLM-powered): operators run scheduling, enrollment, billing, reporting via natural language; reduced friction, surfaced capabilities without context switching.
    • Led distributed team (eng, design, sales) across India, Poland, U.S.; owned product, UI/UX, execution.
    • Built GTM foundation from scratch: ran product demos, outbound sales motion, cold outreach, and sales workflows in Outreach to drive pipeline, customer discovery, and early adoption.
    • Drove discovery, A/B testing, and phased rollout of new products, including Wildster Spaces, a supply marketplace that helped coaches expand access to facilities without owning or leasing space.
  • SVP of Digital Product Management 2017 – 2020

    Ellipse Analytics (Pure Market)

    • Built Pure Market 0-to-1: e-commerce and product-grading (400+ lab attributes, A–F grades). Scaled to 3,000+ products, 18 categories; owned roadmap and PRDs across eng, design, data.
    • Turned lab results into defensible trust signals; shoppers compare contaminants and label claims. Positioned brand as “You deserve to know”; aligned roadmap with lab ops and PE funding.
    • Shipped governance (RBAC, audit change control) for defensible decisioning and risk-scored actions across the platform.
    • Implemented telemetry and experimentation (Mixpanel) to improve activation and conversion through measurable funnel performance.
    • Shipped fulfillment (drop ship, client warehouses); scaled product offering as clients and categories were added.
  • Senior Director, Digital Product Management 2014 – 2017

    Sanford Health

    • Built and led product org of 12 PMs; drove digital transformation on-prem to cloud, stood up in-house cloud ops for enterprise digital products.
    • Owned 15+ initiatives: Fast Track (real-time clinic/ED wait times), Imagenetics, Epic-integrated consumer experiences.
    • Led Profile by Sanford product from startup to 45+ locations, 10 states; built coach platform and site in-house, cut agency dependence 60% ($2M+ savings over 3 years).
    • Implemented RBAC and audit logging for controlled access and traceability across digital products, reducing annual compliance and audit findings from 12 to 2.
    • Partnered with the SOC team and CTO to deliver a workflow and visibility layer integrating SIEM signals with triage and assignment, improving MTTD/MTTR by 25% and reducing critical misses.
  • Director of Digital Marketing Technology 2013 – 2014

    Sanford Health

    • Shipped digital platform for GABR (flagship cycling relay for children’s healthcare): real-time event data, live donation tracking, one-click check-ins, leaderboards, custom team app; enabled staff and participants to run event at scale.
    • Led marketing for Edith Sanford Breast Cancer Foundation (new initiative); shipped “Team Edith” platform for event and race management and donor-funded fundraising.
    • Drove product strategy and roadmap for event and fundraising platforms; aligned philanthropy, marketing, and IT; presented roadmap and results to VP and C-suite quarterly.
    • Platforms supported $2M+ in annual event-driven fundraising; reduced event-day operational effort by 35% through automation and one-click check-ins.
    • Led engineering (in-house, remote, vendors) and owned $1M+ technology budget; led vendor selection, contracts, and E2E delivery of marketing technology and event platforms.
    • Received Sanford Health leadership award for cross-functional leadership and delivery.
  • Senior Product Marketing Manager 2011 – 2013

    Curriculum Associates (K–12 edtech; i-Ready)

    • Drove web as primary sales channel: shipped state-level personalization (standards, adoption, resources) so K–12 districts could self-serve; shortened time-to-qualified-lead and gave sales one source of truth.
    • Led 2 ICs (email + web marketing); dotted line to CEO on i-Ready GTM and positioning.
    • Shipped experimentation program: A/B tests across web and email; HubSpot drip campaigns and dynamic state/segment pages; improved conversion and campaign performance.
    • Launched customer research program (surveys, interviews) for i-Ready core market; insights informed positioning, messaging, and sales enablement during product growth.
  • Web Systems Manager 2010 – 2011

    DeVry University, Career Services

    • Drove requirements and adoption for new Career Services platform post-Deloitte; aligned CTO and exec stakeholders to ship across 90+ campuses in 26 states within 1 year.
    • Led discovery: use case studies and user interviews at 4 pilot campuses; documented and socialized requirements with vendor and leadership to enable on-time rollout.
    • Scaled platform from 4 pilot campuses to 90+ campuses in <12 months; managed third-party vendor on implementation, issue resolution, and go-live.
    • Shipped change management (training, playbooks, support) for Career Services; drove consistent adoption across national rollout.
    • Owned NPS and feedback analytics across 90+ locations; surfaced insights that informed prioritization and rollout strategy.

Education

  • Executive Education, Product Strategy

    Northwestern University, Kellogg School of Management

  • B.S. in Management

    Benedictine University, Lisle, Illinois

Certifications

  • SAFe Product Owner/Product Manager (POPM)

    Scaled Agile

  • Google Cybersecurity Professional Certificate

    Google

  • AWS Certified Security – Specialty (SCS-C02)

    AWS (in progress, expected April 2026)

Skills

  • AI governance & risk: NIST AI RMF, tiered review, risk classification, compliance (state/federal), policy-to-product translation.
  • Systems & frameworks: LLMs, agentic architectures, RAG, AI coding assistants; governed autonomy (shadow/assist/autopilot), OWASP LLM security.
  • Security & controls: IAM, RBAC, policy gating, audit logs, WAF, rate limiting, posture findings, evidence and governance.
  • Leadership: 0-to-1 product and platform builds, multi-stakeholder programs, vendor and solution evaluation, technical communication (legislative, press, public); backlog and release discipline, rollout planning.
  • Platform, operations & domain: APIs, serverless, event workflows, observability under privacy constraints; incident response, runbooks, operational readiness. Government, healthcare, regulated industries; cloud, integration patterns.

Selected writing

  • G8TED Blog: framework updates, action execution layer, OWASP + action governance for SOC agents. Sunny Kapoor. g8ted.org, 2025.
