My Story

Hello, my name is Sonya Stephens. I work in IT risk and Cyber Security, focussing on Governance, Risk and Compliance (GRC).

I’ve spent over 20 years in big corporate companies building and improving Risk Management and Governance processes and controls. 15 of these years were within a large, global, financial services company. Here I held various senior positions such as Group Systems IT Security and Risk Manager, Senior IT Audit Manager and Product Development Senior Risk Manager.

One of the highlights in my career was the opportunity to be the Business Lead in designing, implementing, testing, rolling out and training users on an in-house developed Sarbanes-Oxley risk attestation software tool. This tool was extremely well received by the global user population for its practical methods and ease of use whilst being a compliance tool.

In today’s life and well into the future, there is so much of who we are living in the cyber world. This makes data privacy and protection hugely important. This includes effective user education and supplier assessments. For this reason, I welcome the Payment Services Directive (EU) 2015/2366 (PSD2), General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

Yes, compliance is a pain for companies to implement, continuously monitor and report on. It is, however, a crucial activity to do and keep doing. There are many good people out there, but sadly there are also dangerous people living amongst us: dangerous people that use our personal data, pretend to be us and steal from us. As company owners we need to understand this and protect against it as best we can.

Compliance in big corporates can be more complex than in small-to-medium sized companies, but all companies require scarce time and resources to manage this, as the risks of non-compliance remain the same. When we share our own personal data with any company, we want to know it is kept safe, regardless of the size of the company.

I am a parent to a young boy. Amongst sporting activities, he enjoys watching YouTube and playing online games such as World of Tanks and Fortnite. I educate him about the potential dangers of the online world and monitor his activities. But I am always cautious. I need to know that all companies take the security of personal data seriously. I expect companies to protect the personal details of my son, his friends, all other children and all people. I want companies to know that it is so much more important than a tick-box exercise.

Being passionate about making compliance practical and easy, I promised myself I would do everything in my power to make it part of everyday, efficient business operations. That is why I am looking to get in front of companies with a desire to improve their Data Protection and Cyber Security practices. Lacuna Securities can help with its practical implementation, monitoring and reporting.

I am an associate Chartered Accountant (Institute of Chartered Accountants in England and Wales) and completed my training at PwC. I also hold a Master's Degree in Computer Auditing, am a qualified PRINCE2 Practitioner, and I passed the Certified Information Security Manager (CISM) exam within the top 20%.