Full Name
Steve Shofner
Job Title
Principal, Internal Audit
Company
Blue Shield of California
Speaker Bio
Steve is the Founder and Owner of The Shofner Group, based in the San Francisco Bay Area. He has
decades of experience performing various types of IT governance, risk, and compliance audits:
financial statement audits, SOC attestations, ISO27001 audits, disaster recovery and business
continuity planning, risk assessments, SOX/MAR compliance audits, security controls testing, and
others. Prior to Blue Shield of California, Steve began his career with Coopers & Lybrand (now
PricewaterhouseCoopers), then spent most of the next decade with Ernst & Young. After leaving the
Big 4, he spent several years in the Internal Audit and Compliance departments for large corporations,
ran his own consulting practice, spent more time with middle-market accounting firms. During that
span, he has performed the roles of external auditor, internal auditor, Service Organization Controls
(SOC) service auditor, special examiner for CA DOI, compliance program manager; and consultant
across many industries, including high-technology, hardware, software, internet (“.coms”), financial
services, healthcare, biotech, manufacturing / distribution, retail, government, and others. With that
experience, he brings a well-rounded view to all aspects of IT governance, risk, compliance, and operations. Steve has spoken at numerous events, including the RSA Conference, national and local conferences, and international webcasts. He currently serves as a Director for the San Francisco ISACA Chapter Board of Directors, and has served as the Chapter President in the past. He is also the Co-Chair of the SF ISACA Fall Conference Planning Committee. In addition to his client service, Steve spent a rotation in Ernst & Young’s National Office contributing to their Global Audit Methodologies, and was the Education Coordinator for the Pacific Northwest IT Audit practice.
decades of experience performing various types of IT governance, risk, and compliance audits:
financial statement audits, SOC attestations, ISO27001 audits, disaster recovery and business
continuity planning, risk assessments, SOX/MAR compliance audits, security controls testing, and
others. Prior to Blue Shield of California, Steve began his career with Coopers & Lybrand (now
PricewaterhouseCoopers), then spent most of the next decade with Ernst & Young. After leaving the
Big 4, he spent several years in the Internal Audit and Compliance departments for large corporations,
ran his own consulting practice, spent more time with middle-market accounting firms. During that
span, he has performed the roles of external auditor, internal auditor, Service Organization Controls
(SOC) service auditor, special examiner for CA DOI, compliance program manager; and consultant
across many industries, including high-technology, hardware, software, internet (“.coms”), financial
services, healthcare, biotech, manufacturing / distribution, retail, government, and others. With that
experience, he brings a well-rounded view to all aspects of IT governance, risk, compliance, and operations. Steve has spoken at numerous events, including the RSA Conference, national and local conferences, and international webcasts. He currently serves as a Director for the San Francisco ISACA Chapter Board of Directors, and has served as the Chapter President in the past. He is also the Co-Chair of the SF ISACA Fall Conference Planning Committee. In addition to his client service, Steve spent a rotation in Ernst & Young’s National Office contributing to their Global Audit Methodologies, and was the Education Coordinator for the Pacific Northwest IT Audit practice.
Speaking At
