William Montero Barnett
CISA AUDITOR | COBIT-Fv2019 | CEHv7 | ITILv3 | MCTS
La Unión
Summary
Professional with more than 15 years of experience as a senior corporate auditor of information security and cybersecurity in the regional banking financial sector. With knowledge in risk management and technological controls, NIST cybersecurity framework, Cloud Computing, Datacenter on-premise or colocation auditing; electronic payment methods security controls (PCI-DSS); ATM and POS controls (PCI-PIN); IT and business continuity controls; as well as, extensive experience in risk audits and controls of critical services and operational processes, SOX regulatory compliance, Prevention of Money Laundering and Terrorist Financing (AML - LAFT). Strong professional ethics, critical and independent thinking, strategic vision and extensive audit experience in regional banks in Central America and the Miami, U.S.
Overview
5
5
Certifications
1
1
Language
Work History
Senior Corporate IT Auditor (2016-2025)
BAC LATAM – Grupo Aval
- Conducted regular vulnerability assessments, proactively addressing weaknesses before they could be exploited by external threats.
- Identified opportunities for process improvements within the IT department by analyzing current operational structures and recommending strategic changes when necessary.
- Evaluated internal controls and processes, streamlining workflows for increased efficiency and risk mitigation.
- Assisted in developing disaster recovery plans, ensuring critical systems could be rapidly restored following a catastrophic event.
- Collaborated with cross-functional teams to ensure adherence to industry best practices, resulting in improved cybersecurity posture.
- Enhanced IT security by conducting comprehensive audits and identifying potential risks within the organization.
- Analyzed incident response plans, refining procedures to effectively manage potential cybersecurity events and minimize damage.
- Assessed compliance with regulatory requirements, ensuring timely remediation of identified issues and avoiding potential penalties.
- Reviewed system configurations and access controls, strengthening overall network security and reducing unauthorized access incidents.
- Developed detailed audit reports to assist management in implementing appropriate security measures for optimal data protection.
- Performed risk analyses to identify appropriate security countermeasures.
- Conducted security audits to identify vulnerabilities.
Regional Systems Audit Supervisor (2011-2016)
BAC Credomatic
- Enhanced internal controls through thorough risk assessments and recommendations for improvements.
- Mentored junior auditors, providing guidance and feedback for professional growth and development.
- Coordinated, managed and implemented auditing projects and prepared for evaluation.
- Prepared working papers, reports and supporting documentation for audit findings.
Database Architect Engineer (DBA) - L3 (2006-2011)
BAC Credomatic
- Enhanced data security by implementing advanced encryption methods and access controls.
- Performed data integrity inspections, referring exceptions and discrepancies to manager for amelioration.
- Implemented backup strategies and disaster recovery plans to safeguard critical business information against potential loss or damage.
- Established performance benchmarks for database systems, enabling accurate evaluation and continuous improvement initiatives.
University Professor (2020-2022)
Universidad Americana
- Databases course
University Professor (2009-2018)
Universidad Cenfotec
- Databases course.
- Vulnerability Analysis Course
University Professor (2008-2013)
Universidad Latina of Costa Rica
- Databases Course.
- Multidimensional Data Analysis Course
Education
College degree - Law
Universidad Internacional de las Américas
College degree - systems engineering
Universidad Magister
Bachelor’s degree - systems engineering
Universidad Magister
Skills
Information Risk Audit (ISO27005) and Cybersecurity Framework (NIST)
Information Governance and Security (ISO 27001 - COBIT)
SOX/AML/PCI-DSS Regulatory Compliance
Operational Risk and Financial Risk Audit
Business Continuity (ISO 22301)
Review of IT Infrastructure in Datacenters (SOC 1 Type II, SOC 2 Type II)
SQL Server database administration
IBM DB2 UDB Databases
Windows Server Operating System
IBM i OS/400 expertise
Certification
COBIT Foundation 2019, ISACA
University Teaching
- American University (UAM) – 2020-2022
- CENFOTEC University – 2009-2018
- Universidad Latina de C.R. – 2008-2013
Other Courses and Specializations
- Cybersecurity Fundamentals ISACA (ongoing)
- PCI-PIN, Visa Business School, Miami (2015)
- VISA Fraud and Chargeback Prevention (2014)
- Key Management and PIN Security Compliance (2012)
Timeline
College degree - systems engineering
Universidad Magister
Bachelor’s degree - systems engineering
Universidad Magister
Senior Corporate IT Auditor (2016-2025)
BAC LATAM – Grupo Aval
Regional Systems Audit Supervisor (2011-2016)
BAC Credomatic
Database Architect Engineer (DBA) - L3 (2006-2011)
BAC Credomatic
University Professor (2020-2022)
Universidad Americana
University Professor (2009-2018)
Universidad Cenfotec
University Professor (2008-2013)
Universidad Latina of Costa Rica
College degree - Law
Universidad Internacional de las Américas