Ciro Bonilla available

Ciro Bonilla

Risk IT BCP/DRP Consultant

  • Freelancer in
  • Graduation: Graduate in Computer Engineering
  • Hourly-/Daily rates:
  • Languages: English (Full Professional) | Spanish (Native or Bilingual)
  • Last update: 17.11.2019
Over 27 years of solid IT experience, working for Private and Public enterprises in the following areas: Project Management, Strategic planning and Audit IT Controls.

Ten years of consulting experience producing materials in Operational Risk Management, Planning and Organization Management, Information Security Management, Enterprise Risk Management, IT Strategic Planning, Business Continuity Plan, Process Analysis and Contingency Plan, BPO and ITO.

Professor's degree in Technology Management from Central University.

Risk Management includes:
• Enterprise Risk Management (RA, COSO, ISO/IEC 27005, ISO 31000, RISK IT Framework).
• Business Continuity Management/Disaster Recovery Plan (BCM/DRP, ISO 22301).
• Information Security Management (ISO/IEC 27001; ISO 27002).
• Organization Manuals and Procedures

Computer Engineer who has carried out consultancies under terms of reference from the IDB (Inter-American Development Bank), the WB (World Bank) and the Grand Duchy of Luxembourg, among others. Active member of ISACA (Information System Audit and Control Association).
Founder and Director - Consulting Information Tech (CIT, S.A) - Operational Risk Management specialist, Technological and Operational risk audits, IT consultant.

CIT, S.A. is a firm dedicated to developing, consulting and auditing services for selected clients, specializing in Technological and Operational Risk issues applied under international standards, implementing easy-to-understand methodologies for the Company's end users.
Our motto: Less risk, better IT works. We want to share it with all of you through the exchange of experiences and knowledge acquired in our consultancies.

Here are the latest consultancies I've completed:
Disaster Recovery Plan Specialist at CITSA - Unicomer Group - Retail Business - Nov 2017 - Apr 2018
• Disaster Recovery Plan Methodology, includes BIA, development of emergency procedures for critical processes (ISO 27031; ISO 22317).
• Risk IT Assessment Methodology includes risk treatment, upgrade controls and risk mitigation (ISO 27005)
• Information Security Management, upgrades control objectives (ISO 27002)
• Analysis of IT Processes

Business Continuity Plan Specialist at CITSA - BANCORP - Feb 2017 – Mar 2018
• Business Continuity Plan (ISO 22301, Methodology DRII, ISO 31000, ISO 27005);
Professional Practices: Program Initiation and Management; Risk Assessment; Business Impact Analysis; Business Continuity Strategies; Plan Development and Implementation; and Crisis Communications.
• Disaster Recovery Plan (ISO 27031, ISO 22317, ISO 31000, ISO 27005, ISO 27002).

Risk Management Specialist at CITSA - Seguros LAFISE - Insurance Business - Feb 2017 - Jun 2017
• Risk and Disaster Recovery Plan Methodology includes development of emergency procedures for critical processes (ISO 27031, ISO 31000, ISO 27005)
• IT Risk Management includes workshops for qualitative and quantitative Risk IT assessment (ISO 31000, ISO 27005)
• Risk IT Assessment Methodology includes risk treatment, upgrade controls and risk mitigation
• Information Security Management (ISO 27001; ISO 27002)

Lead Auditor at CITSA - Hertz - Sep 2016 – May 2017
Employment Duration 9 mos
• Financial Audit (COSO, NIIF, NIAF)
• IT Audit Processes (COBIT), ISO 27002 (Information Technologies - Security Techniques - Code of Practices for Information Security).
Available to travel in Central America, South America and Spain, United States and Canada

Time flexibility: The time that the consultancy requires
- CBCP (Certified Business Continuity Professional) by DRII (Disaster Recovery Institute International)
- Lead Risk Manager ISO 31000 by PECB (Professionals Evaluation and Certification Board)
- CobiT 5 (Control Objectives for IT) by APMG (Accrediting Professionals Management Group)

- Management Information System: A Strategic Approach, UACA.
- Risk Management Tools for Microfinance Institutions, Asomif/Redcamif.
- Project Monitoring and Evaluation, SDC Consultores.
- Project Formulation and Evaluation with a Logical Framework Approach, SDC Consultores.
- Information Technology Strategic Planning (PETI), Panamerican Consulting Group.
- Information Risk Awareness Training Program, HSBC
- Development of a Tool for Probabilistic Disaster Risk Assessment with Emphasis on Central America, EIRD
- Technical Standards for Internal Control, CGR


- Comprehensive Technology Risk Management (24 hrs) – CITSA (includes case study)
- Operational Risk Management (32 hrs) – CITSA (includes case study)
- Information Security Management System (32 hrs) – CITSA (includes case study)
- IT Risk Framework (32 hrs) – CITSA

- ANPROTIC (Asociación de Profesionales de Tecnología de Información), Position: President.
- ISACA (Information System Audit and Control Association), Member No. 758140