You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Francisco Salom TerrizziFS

Francisco Salom Terrizzi

Cybersecurity Specialist | GRC

€350/day
Madrid, ES
3-7 years

Average response time: 2 hours

Freelancer profile translated to English.
Back to original language

About Francisco

Cybersecurity does not mature by simply incorporating more tools or controls. It matures when there is governance, clarity on risks, well-defined processes, useful metrics, and connection to business priorities.

This has been the focus of my career in Big Four consulting, working on cybersecurity governance, risk, and compliance projects alongside CISOs, information security teams, technology, risk, and internal control.

My experience combines a solid foundation in IT audit, SOX, and ITGC with specialization in GRC, regulatory compliance, cybersecurity PMO, third-party risk management, AI governance, frameworks such as ISO 27001, NIS2, DORA, NIST, GDPR, and IRAM/FAIR, and executive presentations to senior management.
  • Spanish

    Native or bilingual

  • English

    Conversational

Can work on-site
Madrid (up to 50km)

Experience

  • KPMG España
    Senior Consultant - Tech Risk & Cybersecurity
    CONSULTING AND AUDITS
    January 2024 - April 2026 (2 years and 3 months)
    Madrid, Spain
    • Leadership and execution ofcybersecurity governance, risk, and complianceprojects, supporting CISOs and security areas in improving their regulatory, operational, and control model.
    • Development and update of **security policies, standards, and procedures**, aligned with **NIS2, DORA, ISO 27001, NIST, GDPR, RIA, SOX, and SWIFT CSCF**.
    • Assessment of **cybersecurity and regulatory compliance maturity**, identifying gaps, risks, and improvement opportunities against standards, regulations, and best practices.
    • Definition and monitoring of **action plans, roadmaps, and cybersecurity master plans, and customized risk methodologies**, prioritizing initiatives based on risk, criticality, effort, dependencies, and execution capacity.
    • Design ofdashboards, KPIs/KRIs, and executive reportingfor monitoring risks, controls, projects, budget, and cybersecurity area performance.
    • Preparation of **executive presentations for CISOs, management committees, and senior leadership**, facilitating decision-making on technological risk, compliance, and security strategy.
    • **End-to-end coordination of internal and external technology and cybersecurity audits**, managing evidence, requirements, liaison with auditors, and monitoring of remediation efforts.
    • Management and assessment of **third-party and technology vendor risks**, participating in approval processes, contracting, criticality analysis, security requirements review, compliance assessment, and monitoring of remediation plans.
    Audit Management Cybersecurity Governance Third Party Risk Management Executive Reporting Regulatory Compliance
  • PwC España
    Senior Auditor - IT Risk, SOX, and Internal Control
    CONSULTING AND AUDITS
    July 2019 - January 2024 (4 years and 6 months)
    Madrid, Spain
    Audit of IT general controls (ITGC) for IBEX 35 clients in the Banking, Technology, and Retail sectors:
    • Assessment ofIT general controls—ITGC—in complex environments, including applications, databases, operating systems, and IT processes associated with financial information.
    • Review of compliance with **internal control frameworks and SOX requirements**, analyzing the design and operational effectiveness of controls over access, changes, IT operations, and incident management.
    • End-to-end analysis of **business processes and financial information flows**, identifying key systems, technological dependencies, control points, and risks associated with financial reporting.
    • Development of **process maps, flowcharts, and walkthrough documentation**, facilitating the understanding of audited processes and the traceability of reviewed evidence.
    • Assessment of **processes for generating non-financial indicators and ESG metrics**, reviewing the collection, processing, consolidation, and control of reported information.
    *Identification and communication of control deficienciesto technology, risk, and internal control managers, as well as monitoring of agreed-upon remediation plans.

    *Automation of control tests and massive data analysisusing ACL and Alteryx, optimizing the efficiency and traceability of audit procedures.
    Audit Management Executive Reporting ESG ITGC Business Processes
  • Phoenix Software 3000
    Intern Software Developer
    TECH
    April 2018 - August 2018 (4 months)
    Caracas, Capital District, Venezuela
    Engineer participating in a Startup project for the development of a series of improvement functionalities for a money transfer application for Banco Provincial (Venezuela):
    • Support in project planning.
    • Review of developed code efficiency (SWIFT Language).
    • Following Agile methodology (SCRUM).
    • GIT management.
    • Performing tests on developed functionalities.
    • Continuous collaboration with UX and UI teams.
    iOS Programming Scrum Functional Testing IT Risks UX/UI

Recommendations

Be the first to recommend Francisco

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Computer Engineer
    UGMA
    2018
  • ISO 27001 Lead Auditor
    AENOR
    2024

Categories