Profileimage by Ciro Bonilla Risk IT BCP/DRP Consultant from CiudadPanam

Ciro Bonilla

available

Last update: 09.06.2023

Risk IT BCP/DRP Consultant

Company: Consulting InformationTech S.A.
Graduation: Graduado en Ing. Computación
Hourly-/Daily rates: show
Languages: English (Limited professional) | Spanish (Native or Bilingual)

Attachments

CV-Ciro-Ernesto-Bonilla-Barquero-Eng-update-2023_090623.pdf
CV-Ciro-Bonilla-CITSAE-Update-2023_090623.pdf

Skills

Over 27 years of solid IT experience, working for Private and Public enterprises in the following areas: Project Management, Strategic planning and Audit IT Controls.

Ten years of consulting experiences producing materials in Operational Risk Management, Planning and Organization Mngt, Information Security Mngt, Enterprise Risk Mgnt, IT Strategic Planning, Business Continuity Plan, Process Analysis and Contingency Plan, BPO and ITO.

Professor's degree in Technology Management from Central University.

Risk Management includes:
• Enterprise Risk Management, (RA, COSO, ISO/IEC 27005, ISO 31000, RISK IT Framework).
• Business Continuity Management/Disaster Recovery Plan, (BCM/DRP, ISO 22301).
• Information Security Management (ISO/IEC 27001; ISO 27002).
• Organization Manuals and Procedures


 

Project history

Founder and Director - Consulting Information Tech (CIT, S.A) - Operational Risk Management specialist,  Technological and Operational risk audits, IT consultant. 

CIT, S.A. is a firm dedicated to developing, consulting and auditing services for selected clients, specializing in Technological and Operational Risk issues applied under international standards, implementing easy-to-understand methodologies for the Company's end users.
Our motto: Less risk, better IT works, we want to share it with all of you, through the exchange of experiences and knowledge acquired in our consultancies and consultancies.

Here're the latest consultancies I've completed:
 
Disaster Recovery Plan Specialist at CITSA - Unicomer Group - Retail Business - Nov 2017 - Apr 2018
• Disaster Recovery Plan Methodology, includes BIA, development of emergency procedures for critical processes (ISO 27031; ISO 22317).
• Risk IT Assesment Methodology includes risk treatment, upgrade controls and risk mitigation (ISO 27005)
• Information Security Management, upgrades controls objectives (ISO 27002)
•Analysis of IT Processes
Business Continuity Plan Specialist at CITSA -  BANCORP - Feb 2017 – Mar 2018
  • Business Continuity Plan (ISO 22301, Methodology DRII, ISO 31000, ISO 27005);
Professional Practices: Program Initiation And Management; Risk Assesment; Business Impact Analysis; Business Continuity Strategies; Plan Development and Implementation and Crisis Communications.
• Disaster Recovery Plan (ISO 27031, ISO 22317, ISO 31000, ISO 27005, ISO 27002).
Risk Management Specialist at CITSA - Seguros LAFISE - Insurance Business - Feb 2017 - Jun 2017
• Risk and Disaster Recovery Plan Methodology includes development of emergency procedures for critical processes (ISO 27031, ISO 31000, ISO 27005)
• IT Risk Management includes workshops for qualitative and quantitative for Risk IT assessment (ISO 31000, ISO 27005)
• Risk IT Assesment Methodology includes risk treatment, upgrade controls and risk mitigation
• Information Security Management (ISO 27001; ISO 27002)
  Lead Auditor at CITSA - Hertz - Sep 2016 – May 2017
Employment Duration 9 mos • Financial Audit (COSO, NIIF, NIAF)
• IT Audit Processes (COBIT), ISO 27002 (Information Technologies - Security Techniques - Code of Practices for Information Security).

Local Availability

Only available for remote work
Available to travel in Central America, South America and Spain, United States and Canada

Time flexibility: The time that the consultancy requires

Other

CERTIFICACIONS
- CBCP (Certified Business Continuity Professional) by DRII (Disaster Recovery Institute International)
- Lead Risk Manager ISO 31000 by PECB (Professionals Evaluation and Certification Board) 
- CobiT 5 (Control Objectives for IT) by APMG (Acreditting Professionals Management Group)
- ISO 22301 Senior Lead Auditor by PECB (Professionals Evaluation and Certification Board) 

COURSES
- Sistema de Información Gerencial: Un enfoque estratégico, UACA.
- Herramientas para gestión del riesgo en instituciones de micro finanzas, Asomif/Redcamif.
- Monitoreo y Evaluación de proyectos, SDC Consultores.
- Formulación y Evaluación de Proyectos con enfoque de Marco Lógico, SDC Consultores.
- Planeación Estratégica de Tecnología Informática, (PETI), Panamerican Consulting Group.
- Information Risk Awareness Training Program, HSBC
- Desarrollo de una Herramienta para la Evaluación Probabilística de Riesgo de Desastres con énfasis en América
Central, EIRD
- Normas Técnicas de Control Interno, CGR


COURSES GIVEN

- Information Security Management System (32 hrs) 
-  IT Risk Framework (32 hrs) - CITSA

ASSOCIATIONS

- DRII (Disaster Recovery Institute International)
- PECB (Professionals Evaluation and Certification Board) 
- ISACA (Information System Audit and Control Association), Miembro No. 758140
Profileimage by Ciro Bonilla Risk IT BCP/DRP Consultant from CiudadPanam Risk IT BCP/DRP Consultant
Register