Independent GRC and cybersecurity advisory — built on 30 years inside Canada’s most regulated industries.
A senior-led advisory built around how regulated organizations actually buy GRC and cybersecurity — by outcome, not by deliverable.
Independent advisory to design, mature, and operate enterprise GRC programs — from policy frameworks to board-level reporting.
Threat, vulnerability, and third-party risk assessments grounded in 15+ years of TRA, TPRA, and PPI engagements across regulated sectors.
SOX, C-SOX (Bill 198 / 52-109), PCI DSS, and SOC 2 readiness from a former PCI QSA and CISA-certified auditor.
Part-time CISO leadership, security architecture consultation, and AI-enhanced threat and resilience advisory.
Representative work across energy, financial services, and public sector — all delivered under independent advisory engagements.
Embedded as cyber security advisor to assist a national pipeline operator establish its risk and vulnerability management programs across IT, Operational Technology (OT), Industrial Control Systems, and SCADA. Performed risk assessments of new and legacy systems and coordinated remediation with engineering and IT teams to close audit findings.
Delivered cyber security advisory, Threat Risk Assessments on solutions, projects, and programs, third-party risk assessments, and security architecture consultation across a large regulated gas distribution organization.
Provide ongoing SOX compliance program management, ITGC rationalization, awareness and training on logical and physical security, risk and security metrics, and guidance to management on conducting risk management assessments.
Developed Disaster Recovery and Business Continuity Planning artefacts for a large Canadian Catholic school district, aligning recovery objectives with operational and regulatory priorities.
Performed a rationalization exercise across the IT General Controls environment, mapping business process controls to general computing controls and applying COBIT, ISO/IEC 27002, and ITIL frameworks.
Led the IT Services risk management program, emergency management initiatives in support of DRP, and the transition from the SAS70 standard to SSAE16. Consolidated controls across the organization — including PCI DSS — to achieve continuous compliance with policy, regulatory, and legislative requirements.
Engagements are led personally by a senior practitioner holding the principal GRC, audit, security, and privacy certifications — backed by a 30-year career in IT, audit, and security operations.
Former Payment Card Industry Qualified Security Assessor (PCI QSA). Bilingual English / French; working Spanish and Italian.
Angelo Gallo is a senior IT security, risk, and governance practitioner with over 30 years in the field — including 20+ years in audit, security, and risk advisory across pipelines, utilities, oil & gas, telecommunications, financial services, education, and life sciences.
His engagements emphasize independence, board-level clarity, and audit-ready outcomes — from threat and risk assessments and SOX / 52-109 programs to virtual CISO retainers and OT / IT convergence advisory.
Founder and Principal — GRC, audit, and security advisory to enterprises across Canada.
Cyber Security Consultant — risk and vulnerability programs across IT, OT, ICS, and SCADA.
Information Security Systems Officer IV — TRAs, TPRAs, and security architecture consultation.
Senior Manager, IT Security Advisory — SOX/C-SOX, ITGC, COBIT/ISO 27002 assessments.
IT audit, risk, security, compliance leadership including the SAS70 → SSAE16 transition and PCI DSS consolidation.
Former Board Director and Chair of the Risk Management Committee at Kids Code Jeunesse — a bilingual Canadian charity for digital and AI literacy education.
Whether you're standing up a GRC program, preparing for audit, or looking for senior virtual CISO support — start with a confidential conversation.