Cynthia Somers Principal
Cynthia is the Principal of ExpertGRC LLC, a consulting firm that specializes in Governance, Risk, and Compliance (GRC) for organizations that manage data. Her journey began when she received her Master’s in Public Health from CU Anschutz, with a focus on Health Systems, Management & Policy. Her academic research took place at Children’s Hospital Colorado, where she traversed extensive privacy protocols in order to access sensitive patient data.
This led to her being hired as the consulting Privacy Officer at Connect for Health Colorado (the state’s online marketplace for health insurance), and she jokes that she should have received a second Master’s in IT as a result of her work on this groundbreaking project. Here she learned how to build a secure and compliant website from the ground up that was able to connect to government systems that contain highly sensitive and classified data.
Since then, Cynthia has worked with multiple clients developing and auditing compliance frameworks. Her clients include start-ups, non-profits, higher education, government entities, and large global corporations. Her focus areas are NIST, HIPAA, GDPR, SOX, and multiple other acronyms that pose headaches for company executives.
Cynthia is passionate about Privacy-by-Design and teaching organizations to develop ethical and effective data protection measures throughout the data life cycle.
She maintains CISA (Certified Information Systems Auditor) and CIPP/US (Certified Information Privacy Professional) certifications.