Security, Privacy & GRC Consultant · Governance · Risk · Secure Digital Systems

I turn security, privacy, and governance requirements into practical delivery.

I help organizations clarify risk, strengthen controls, prepare defensible evidence, and move complex work forward in regulated environments.

More than 10 years in IBM Consulting, combined with founder and technical delivery experience, allow me to connect governance expectations with systems that teams can operate, improve, and demonstrate.

Ionuț Francisc portrait

Credibility grounded in regulated delivery

Enterprise GRC experience, operational accountability, technical depth, and publicly verifiable credentials.

More than 10 years in security, privacy, and GRC

Experience across IBM Consulting roles covering risk assessments, privacy-by-design, secure-by-design reviews, audit readiness, and control evidence.

Incident governance and remediation

As a CSIRT-facing BISO delegate, I supported incident intake, action tracking, stakeholder alignment, closure criteria, and lessons learned.

PKI, certificate lifecycle, and HSM experience

Hands-on work with certificate lifecycles, key exchange, and Gemalto Cloud HSM support in a regulated banking and blockchain platform context.

Microsoft Certified: Security, Compliance, and Identity Fundamentals

SC-900 certification covering foundational Microsoft security, compliance, identity, access, and trust concepts.

Linux administration certification history

LPIC-1 Certified Linux Administrator and LPIC-2 Certified Linux Engineer through Universitatea POLITEHNICA din București, issued June 2018 and expired June 2023. Listed as historical credentials, not active certifications.

Electrical and photovoltaic qualifications

Romanian Level III qualification as Electrician constructor (2023) and specialization as Instalator sisteme fotovoltaice solare, COR 741103 (2023). These qualifications support my practical work as the founder of ElectroVerde.

Continuous professional development

Publicly verifiable learning includes IBM Security Zero Trust Principles, DORA & IBM Technology, Trustworthy AI and AI Ethics, IBM watsonx, IBM Generative & Agentic AI Foundation, and ISC2 Candidate.

View Credly profile

Where strategy meets delivery.

A cross-functional profile built for work that has to satisfy governance, technical, and commercial realities at the same time.

Advisory focus

Mandates where clear controls, sound judgment, and practical follow-through matter.

  • Security governance, privacy, GRC, and risk
  • Secure-by-design and privacy-by-design reviews
  • Control assurance and audit readiness
  • Incident governance and remediation
  • PKI, certificate lifecycle, and HSM
  • Regulated and cross-functional delivery

Systems I deliver

Digital systems designed to be useful, measurable, maintainable, and ready for real operations.

  • High-trust websites and digital service platforms
  • Conversion journeys and qualified-lead systems
  • MVPs that validate commercial assumptions
  • Privacy-aware, local-first applications
  • Operational automation and internal tools
  • Education products for families and schools

Capabilities and tools

The disciplines and technologies I use to move from assessment to implementation.

  • GRC · DPIA/PIA · SPbD
  • CSIRT · BISO · incident governance
  • PKI · HSM · Zero Trust · DORA
  • Linux and infrastructure operations
  • TypeScript · React · Next.js · Node.js
  • WordPress · Netlify · Vercel · GitHub
  • SEO · analytics · conversion systems
  • Automation and AI-assisted delivery
  • Electrical and photovoltaic systems

Ways I Can Help

A focused mix of consulting, implementation, teaching, and product thinking.

Security, Privacy & GRC Advisory

Risk, governance, secure-by-design, privacy-by-design, and control reviews translated into prioritized decisions and accountable actions.

Discuss an Advisory Mandate

Control Assurance

Audit readiness, evidence quality, control interpretation, remediation tracking, and decision-ready documentation.

View Security Profile

Incident Governance

Structured intake, stakeholder coordination, action ownership, closure criteria, and lessons learned across technical teams.

Explore Experience

Digital Systems & Automation

Operational workflows, internal tools, and AI-assisted systems designed to reduce friction and improve traceability.

Improve a System

Web Products & Conversion

High-trust websites, digital services, SEO, analytics, and conversion paths built around measurable business goals.

View Selected Work

Technical Delivery

Hands-on implementation across modern web platforms, Linux, deployment, automation, and maintainable delivery workflows.

Discuss an Engagement

Operational depth behind the advisory work

My career spans infrastructure, regulated operations, enterprise consulting, and founder-led delivery, so recommendations remain connected to execution.

  1. 01 · University years

    Built and operated a neighborhood mini-ISP

    Grew a local network to roughly 200–300 customers, combining hands-on infrastructure, troubleshooting, customer support, and day-to-day operations.

  2. 02 · Before IBM · 2 years

    Customs agent for DHL at Henri Coandă Airport

    Worked in customs operations at Bucharest Otopeni Airport, where accuracy, documentation, deadlines, and regulated processes were central to daily work.

  3. 03 · IBM and consulting · 10+ years

    Security, privacy, GRC, and regulated delivery

    Moved from operations into enterprise consulting across risk, privacy-by-design, secure-by-design reviews, audit readiness, incident governance, PKI, and HSM contexts.

Experience and credentials

Download my resume

An English resume updated for my current security, privacy, GRC, consulting, and digital product profile.

Updated: June 2026 · PDF

Have a mandate that needs a clear path from risk to execution?

I can help clarify the decision, assess the system, prioritize the material issues, and structure a delivery plan with accountable next steps.

Discuss the Mandate