Francisco Leo

Francisco Leo


FL has worked in the technology field for over 25 years, starting out as an application developer and taking on roles of increasing leadership and technical responsibilities.  He has developed Governance, Risk Management, and Security programs for Information Technology Departments.  He has designed security architectures, performed security assessments, and lead technical teams in the improvement of operational capabilities and security controls that elevated the maturity of the organizations he has worked for.  Some of his main accomplishments include:


<li>Increase maturity level of Information Technology Department by implementing Information Systems Security Management utilizing COBIT and ITIL frameworks.</li>

<li>Review of security entitlements in the Latin America Region including network access and ERP applications.</li>

<li>Security assessment of global PCI-DSS footprint.</li>

<li>Project Management of core network switching and routing infrastructure for the largest community college in the nation, spanning 9 campuses in south Florida.</li>

<li>FL is an expert in the advisement of Governance, Risk, and Security solutions.  This is demonstrated by multiple engagements at organizations where Information Systems Security Management Programs have been implemented to improve overall security operations and maturity.</li>

Key Highlights

Implemented IT Governance by utilizing a mix of COBIT 4.1 and ITIL Frameworks to develop a risk-based IT department that aligned with the business strategy this translated into the ability to support a 50+ million growth in revenue while maintaining the IT Department operations at/ or below corporate best practices.

Conducted entitlement review process with all business units.  Implemented toolset for identification of Personal Identifiable Information (PII) and Payment Card Industry Data Security Standard (PCI-DSS) elements in the entire network and remediated all issues.

Developed initial program for PCI-DSS assessment by surveying global business units and creating detailed regional risk maps.

Directed PMO overseeing key corporate programs in the areas of Security, Information Systems, and Facility Management in the Latin America Region.  Conducted Entitlement reviews and created Security Incident Response Plans for regional organizations.

Developed corporate security strategy including, policy development, security architecture, incident response, and periodic training to all users.

Managed security authentication and access controls for platforms, network devices, applications and users and the integrations with the enterprise directory and other systems as required.

Performed PCI-DSS assessments in Banking and Oil & Gas Industries, as well as trusted advisory services in preparation of assessments.


<li>Certified Information Systems Security Professional – CISSP</li>

<li>Certified Information Systems Auditor – CISA</li>

<li>Certified Information Systems Manager – CISM</li>

<li>Certified in the Governance of Enterprise IT – CGEIT</li>

<li>Certified in Risk and Information Systems Control – CRISC</li>

<li>Certified Information Privacy Manager – CIPM</li>

<li>Payment Card Industry Qualified Security Assessor – PCI-QSA</li>

<li>Project Management Professional - PMP</li>

<li>ITILv3 Foundations</li>

<li>Certified Scrum Master - CSM</li>

<li>Lean Six Sigma Black Belt - LSSBB</li>

<li>Certified Virtualization Expert – CVE</li>


Bachelor’s degree, Electronic Data Processing College Of Puerto Rico, Computer Programming



<li>Member of ISACA</li>

<li>Member of (ISC)2</li>

<li>Member of IAPP</li>

<li>Member of PMI</li>

Posts by Francisco Leo

How to create a continuous lifecycle for your IT Policy Management

Jun 8, 2022   |   Francisco Leo