Steve is the Founder and Owner of The Shofner Group, based in the San Francisco Bay Area. He has

decades of experience performing various types of IT governance, risk, and compliance audits:

financial statement audits, SOC attestations, ISO27001 audits, disaster recovery and business

continuity planning, risk assessments, SOX/MAR compliance audits, security controls testing, and

others. Prior to Blue Shield of California, Steve began his career with Coopers & Lybrand (now

PricewaterhouseCoopers), then spent most of the next decade with Ernst & Young. After leaving the

Big 4, he spent several years in the Internal Audit and Compliance departments for large corporations,

ran his own consulting practice, spent more time with middle-market accounting firms. During that

span, he has performed the roles of external auditor, internal auditor, Service Organization Controls

(SOC) service auditor, special examiner for CA DOI, compliance program manager; and consultant

across many industries, including high-technology, hardware, software, internet (“.coms”), financial

services, healthcare, biotech, manufacturing / distribution, retail, government, and others. With that

experience, he brings a well-rounded view to all aspects of IT governance, risk, compliance, and operations. Steve has spoken at numerous events, including the RSA Conference, national and local conferences, and international webcasts. He currently serves as a Director for the San Francisco ISACA Chapter Board of Directors, and has served as the Chapter President in the past. He is also the Co-Chair of the SF ISACA Fall Conference Planning Committee. In addition to his client service, Steve spent a rotation in Ernst & Young’s National Office contributing to their Global Audit Methodologies, and was the Education Coordinator for the Pacific Northwest IT Audit practice.

https://www.linkedin.com/pub/steve-shofner/0/841/206