Sofiya Khan

A dedicated Cybersecurity and GRC professional holding dual ISO/IEC 27001:2022 certifications—Lead Auditor (CQI/IRCA) and Lead Implementer. Demonstrated experience in IT General Controls (IT-GC) audits, SOC 2 Type II assessments, risk analysis, penetration testing, firewall configuration reviews, and information security policy development. Proficient in global compliance standards including GDPR, HIPAA, PCI-DSS, and India’s DPDP Act. Adept at supporting client engagements, conducting security posture assessments, and delivering GRC advisory services across diverse IT environments.
25 Articles