Francis has practiced public accounting with a focus on risk and compliance consulting since 1994. He concentrates on risk mitigation activities relating to information technology and security. His expertise includes the application of industry-specific cybersecurity frameworks including the payment card industry (PCI-DSS) security framework, National Institute of Standards and Technology (NIST) cybersecurity framework, AICPA’s system and organization controls (SOC 1-2-3) guidance, and others.
Francis helps his clients develop a comprehensive approach to information security and technology controls, which may include cost-benefit or system analyses, compliance and internal controls reviews, project management and quality assurance, business process reengineering, penetration testing, external operational assessments, policy development, or financial audits. He works with clients in a variety of industries, including financial services, technology, communications, and life sciences.