Hello, I'm Sofia H.
With over a decade of experience in security governance, risk management, and regulatory compliance, I specialize in building and optimizing data privacy and compliance programs that align with complex regulatory frameworks and business objectives. My work bridges legal, technical, and operational domains to safeguard organizational integrity and customer trust. Throughout my career, I’ve led enterprise-level programs in ISO 27001, NIST 800-53, NIST 800-171, GDPR, HIPAA, FERPA, SOC 2, PCI-DSS, and GLBA compliance—empowering organizations to meet regulatory requirements while minimizing risk exposure. I’ve developed and executed risk-based compliance strategies, implemented data protection controls, and led privacy and security audits across healthcare, manufacturing, technology, and defense sectors. My legal education, combined with advanced IT security expertise, allows me to interpret complex regulations into actionable governance processes. I hold several industry certifications including CISA, CISM, CMMC-CCP, and CIPP/E, and I’ve built security awareness programs, conducted compliance training, and collaborated cross-functionally with Legal, HR, IT, and Engineering teams to embed privacy and security into the business DNA.
Details
- LocationUnited States
- Years of Relevant Experience20+ years
- Seniority LevelExecutive
- Consulting Rate200
- Highest Level of EducationMasters
Current / Most Recent Employment
N/A
Industry
Specific Jurisdictions That I'm Qualified In or Can Cover
- Global
Language(s)
- English
Professional Membership / Certification
Certified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)Certified Information Privacy Professional/Europe (CIPP/E)CMMC Certified Professional (CMMC-CCP)
Skills
ComplianceData PrivacyGRC StrategyCybersecurity LeadershipCISA (Certified Information Systems Auditor)CISM (Certified Information Security Manager)CIPP/E (Certified Information Privacy Professional/Europe)CMMC-CCP (CMMC Certified Professional)