MANUEL ANDIA
CISO | Information Security Executive | GRC & Cybersecurity Strategist | Risk Management Leader
Email: ***********@*******.*** | Phone: +1-929-***-**** | LinkedIn: https://www.linkedin.com/in/manuelandia
OBJECTIVE
Information Security Executive with over 15 years of experience leading enterprise-wide cybersecurity, GRC (Governance, Risk, and Compliance), and IT risk management initiatives. Proven expertise in implementing ISO/IEC 27001, COBIT, SOC 2, and NIST frameworks. Known for aligning security strategy with business objectives, leading cross-functional teams, and delivering measurable improvements in security posture and compliance readiness. Currently seeking strategic roles such as CISO, Information Security Manager, or GRC Lead to drive security innovation and business resilience.
• Information Security Strategy • Governance, Risk & Compliance (GRC) • ISO/IEC 27001, ISO/IEC 22301 & COBIT Frameworks • SOC 2, NIST, GDPR, PCI DSS • Risk Assessment & Mitigation
• Regulatory Compliance • Cloud Security (Azure) • Security Awareness & Incident Response • Audit & Policy Development • Leadership of Security Teams • IT Operations & Infrastructure • Vendor Risk Management.
RELEVANT EXPERIENCE
Information Security Consultant
ISEC – Information Security of Peru 2014 - 2016 (Full-Time), 2016 - Present (Part-Time, Remote)
• Led the implementation of Information Security Management Systems (ISMS) based on ISO/IEC 27001 across various organizations, conducting risk management in alignment with ISO/IEC 31000 and ISO/IEC 27005 to identify security risks, ensure their effective treatment, and enhance compliance.
• Led the implementation of the COBIT 5 framework to strengthen IT governance and ensure alignment between IT and business objectives, successfully driving the deployment of internal controls for Information Technology.
• Established Business Continuity Management Systems (BCMS), including Business Continuity Plans (BCP), Business Impact Analyses (BIA) and Disaster Recovery Plans (DRP), aligning with ISO/IEC 22301 standards.
Key Projects:
• Falabella Bank: Risk assessment of the ISMS following the O&M/15-10 Information Security Risk Management Procedure of the Bank's Information Security Management System
• Ministry of Economy and Finance (MEF)
• National Port Authority (APN)
• ENTEL (Peruvian Telecommunications Company)
• Ministry of Foreign Affairs
Systems and Information Security Coordinator
Buro Group SAC 12/2011 - 09/2014
• SOC Compliance Experience: Ensured alignment with SOC 2 and SOC 3 standards, focusing on security, availability, processing integrity, confidentiality, and privacy. Conducted audits and gap analyses to meet SOC 2 requirements and implemented remediation actions. Collaborated with teams to ensure adherence to SOC reporting and strengthen data protection.
• Developed, implemented, and managed a comprehensive Information Security program aligned with industry best practices and security frameworks such as ISO/IEC 27001, achieving a significant reduction in security incidents and enhancing the overall organizational security posture.
• Developed and implemented security policies and procedures in compliance with ISO/IEC 27001 and ISO/IEC 27002 standards and best practices, along with security controls to mitigate identified risks and security incident response plans and playbooks.
• Monitored and controlled the development and implementation of the IT Disaster Recovery Plan (DRP), ensuring business continuity and preparedness.
• Third-Party Onboarding and Vendor Management: Managed registration and approval processes covering InfoSec, Compliance, BCP, exit strategy, and country-specific documentation; compiled and submitted key documents such as SOWs, SLAs, MNDAs, and MSAs.
IT Project Manager
SS&S – Systems Support and Services 07/2010 - 06/2011
• Served as IT Support Project Manager at HSBC Bank, leading a team of 15 T1 and T2 support technicians while ensuring compliance with the bank's information security policies.
IT Project Manager
Unisys del Peru 07/2000 - 07/2007
• Led IT projects supporting IT infrastructure, systems management, technical support operations, and data center management for the main energy sector companies.
TRAINING & SKILLS
• CISO Program: Training program for Chief Information Security Officers
• ISACA: CISM and CRISC; deep knowledge of CompTIA Security+
• Project Management: Strong knowledge of PMI, MS Project, MS Visio
• Security and Compliance Frameworks, Standards, and Regulations: ISO/IEC 27001, ISO/IEC 22301, ISO/IEC 31000, COBIT, NIST CSF & RMF, SOX (Sarbanes-Oxley Act), 1940 Act, HIPAA, PCI DSS, SOC 2
• Offensive Security and Ethical Hacking: Experience in penetration testing, intrusion detection, and vulnerability assessments using advanced tools such as Tenable Nessus, Acunetix, Armitage, Nmap, Metasploit, Burp Suite, and others within Kali Linux.
• Operating Systems: Windows Server, Linux/Unix, Ubuntu, Kali
• Azure Fundamentals AZ-900 (Microsoft) - Completed coursework.
• Azure Database Administrator Associate DP-300 (Microsoft) - Completed coursework.
CERTIFICATIONS
• ISO/IEC 22301 Lead Auditor (IRCA) - Business Continuity Management System
• ISO/IEC 27001 Lead Auditor (PECB) - Information Security Management System
• COBIT 5 Foundation (ISACA) - IT Management and Governance.
• Cisco Network Security - Cisco Routers, Cybersecurity Essentials, Packet Tracer, NDG Linux.
EDUCATION
Systems Engineering
Federico Villarreal University, Lima – Peru 1989 - 1997
LANGUAGES
English – Proficient; Spanish