Humiint

Hello, I'm Sofia H.

With over a decade of experience in security governance, risk management, and regulatory compliance, I specialize in building and optimizing data privacy and compliance programs that align with complex regulatory frameworks and business objectives. My work bridges legal, technical, and operational domains to safeguard organizational integrity and customer trust. Throughout my career, I’ve led enterprise-level programs in ISO 27001, NIST 800-53, NIST 800-171, GDPR, HIPAA, FERPA, SOC 2, PCI-DSS, and GLBA compliance—empowering organizations to meet regulatory requirements while minimizing risk exposure. I’ve developed and executed risk-based compliance strategies, implemented data protection controls, and led privacy and security audits across healthcare, manufacturing, technology, and defense sectors. My legal education, combined with advanced IT security expertise, allows me to interpret complex regulations into actionable governance processes. I hold several industry certifications including CISA, CISM, CMMC-CCP, and CIPP/E, and I’ve built security awareness programs, conducted compliance training, and collaborated cross-functionally with Legal, HR, IT, and Engineering teams to embed privacy and security into the business DNA.

Details

  • Location
  • Years of Relevant Experience: 20+ years
  • Seniority Level: Executive
  • Highest Level of Education: Masters

Industry

    Specific Jurisdictions That I'm Qualified In or Can Cover

      Professional Membership / Certification

      Certified in CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CIPP/E (Certified Information Privacy Professional/Europe), CMMC-CCP (CMMC Certified Professional)

      Reviews from customers (0)

        Reviews as a customer (0)