ISACA Puerto Rico

13th Annual Symposium

Thursday, December 10, 2015
@ Intercontinental Hotel in San Juan

Symposium Agenda

The agenda, topics, speakers and time allotments are subject to change without prior notice.

Andre Pitkowski

Keynote Speaker
The Changes the Times Demand in How We Execute.
- Governance
- Information and Cyber Security
- IT Audit/Assurance
- IT Risk
BE AN ACTIVE ENABLER OF TRANSFORMATION THAT LEADS TO OUR ONE COMMON FUTURE
204-205 - CASE STUDY
Case Study: The Experience of Generali Group in Implementing COBIT 5

After completing this session, you will be able to:
  • Learn about the implementation of different frameworks and good practices in order to define the process framework focused on the enterprise goals
  • Understand which types of COBIT 5 trainings were planned for the employees and for the management
  • Explore a possible mapping between COBIT 5 and ITIL v3
  • Comprehend pros and cons of the presented approach
  • Identify potential benefits of COBIT 5 Framework adoption

Pedwar Castillo

202 - Continuous Auditing
Continuous Auditing: A Global Trend in Auditing

By the end of this talk, participants will understand the fundamental principles underlying the concept of continuous auditing and why it is the global trend among internal audit departments for planning, executing and reporting results in a timely manner.
BIO
Associate Partner
CaseWare Analytics


Pedwar Castillo is an advisor in the area of Auditing and Information Technology and a member of the board of directors of NextPoint, Srl, a company dedicated to business and technology consulting.

He graduated as a Systems and Computer Engineer from the Pontificia Universidad Católica Madre y Maestra (PUCMM) and holds a Master's degree in Strategic Management from the same university. Pedwar Castillo also holds a Specialization in Quality and Productivity Management from the Instituto Tecnológico de Santo Domingo (INTEC). In addition, he holds a Caseware Analytics and Continuous Auditing certification, COBIT 5 and ITIL Foundations certification, as well as ISO 31000 Risk Manager.

He has extensive experience in corporate IT governance based on standards such as 38500, as well as on COBIT; executive management and strategic planning; project management and administration; information technology risk assessment (Information Risk Management practice); continuous monitoring and auditing practices; evaluation and selection of technology platforms; software implementation in various industry sectors; productivity analysis and the analysis, redesign and/or improvement of processes and organizational structure; and alignment and gap detection for Operational Risk compliance, among other areas.

He has served as Dean of the Business School of PUCMM, as well as professor at the School of Financial Management and Auditing of the same university.

He has carried out major auditing and advisory projects for companies and multinationals in the Dominican Republic and various Latin American countries, across different industry sectors.

Pedwar Castillo is an active member of the Information Systems Audit and Control Association (ISACA) and is currently Marketing Director of the Chapter in the Dominican Republic.

John R. Robles

203 - Auditing Information Security
Auditing Information Security - Why isn't the Organization Being Protected

Cyber Security is a high-risk area in all enterprises and institutions that depend on a connection to the Internet. Being high-risk means that the threats, the probability of those threats occurring, and the mitigation efforts that should be implemented to minimize those risks must be actively studied, reviewed and analyzed. Management and the Board of Directors (BOD) should be assured that proper cyber security and internal controls are in place to protect the enterprise/institution from Internet-related attacks.

How do management and the Board of Directors obtain assurance that cyber security and protection are up to par, in place, and actively protecting the enterprise? By performing a periodic cyber security audit.

During this presentation the methodology to audit cyber security will be discussed. Audit areas to be presented and discussed will include:
  1. Planning the cyber security audit;
  2. Obtaining knowledge of the cyber security environment through interviews, review of documentation, and observation of cyber security procedures;
  3. Review of the following cyber security elements: security policies; security awareness and training programs; security risk analysis; security hardware and software; security monitoring procedures; incident response to violations and data breaches; Business Continuity Plans;
  4. Discussion of the Cyber Security Audit Report containing audit findings and improvement recommendations;  and 
  5. Approval and sign-off by IT and enterprise management.
BIO
President,
John R. Robles & Associates

Mr. JOHN R. ROBLES is an expert in Information Systems Security, Auditing, and Controls with over 30 years’ experience in Information Technology (IT). He is a former Senior Manager of Price Waterhouse where for 11 years he worked primarily on Information Systems Security, Auditing, Controls, and Systems Implementation Support for a wide variety of clients in different industries, including Banks, Government, and Manufacturing.

He is a frequent speaker on Information Systems Security and Controls in Puerto Rico. He has also spoken before professional organizations in The United States, Mexico, Panama, Costa Rica, and the Dominican Republic. He is active in ISACA where he is a founding member of the Puerto Rico chapter, was Vice President for the Latin America region, member of the Research Committee, and member of the Nominations Committee.

He is currently President of Infragard Puerto Rico, a national association affiliated with the FBI’s Cyber Security program. He founded and is currently President of the Puerto Rico Cloud Computing User Group (PRCCUG). He founded the Information Security Association to promote Information Security in Puerto Rico. He also founded the Puerto Rico Information Security and Emergency Management Association (PRISEMA).

He holds a BSEE and an MSEE in Electrical Engineering from New York University, is a Certified Information Systems Auditor (CISA), a Certified Information Security Manager (CISM), and has a Certificate in Risk and Information Systems Controls (CRISC).

Dr. Ralph Otero

302 - Preventive Fundamentals Against Fraud
Preventive Fundamentals Against Fraud: A Multidisciplinary View

BIO
Professor
Universidad de Puerto Rico


Dr. Ralph Otero has been a Security Management Practitioner, Private Investigator, Guest Lecturer, and Academic Educator within the Security Management field in the Caribbean and Latin America Region for the past thirty (30) years. He has held Investigations and Security Management positions including Security Director with the Puerto Rico Ports Authority; AT&T Corporate Security for the Caribbean & Latin America (CALA) Region, with offices in Atlanta, Georgia, Miami, Florida, Mexico City, Mexico and San Juan, Puerto Rico; Puerto Rico Telephone Company; and Mitel Corporation, a Canadian-based PBX Telecommunications Manufacturing Company. He served with the US Armed Forces, from which he was honorably discharged as an Infantry specialist.

Otero has served as advisor to the Puerto Rico House of Representatives (Penal Judiciary Commission) on Telecommunications/Information Systems Security Issues as well as to the Pontifical Catholic University of Puerto Rico for the first Bachelor degree Program in Puerto Rico in Security Management. He presently serves as Editorial Board Member for two distinguished academic journals: the Journal of Applied Security Research Prevention and Response in Asset Protection Terrorism & Violence, Routledge Taylor & Francis Group, US & UK and the Journal for the Puerto Rico Forensic Association. He is the author of multiple articles and publications and is the author of three text publications: Security Issues of the 90’s in Corporate America: Federal Sentencing Guidelines for Organizations; Telecommunications & Computer Fraud 1996, ¿Misión Imposible? Los Espías de la Nueva Era Empresarial 2002, and Fundamentos de las Ciencias de Seguridad para el Siglo XXI 2009.

Otero holds a Bachelor of Science in Criminal Justice degree from University of Central Texas, a Master of Arts in Criminal Justice degree from Interamerican University of Puerto Rico, a Graduate Certificate in Forensic Sciences from Universidad del Turabo in Caguas, PR and a Doctorate (Ph.D.) degree in Behavioral Sciences from Universidad Complutense of Madrid, Spain, European Union.
Please visit www.DrRalphOtero.com 


Omar Sánchez

304-305 - Conducting a Penetration Test on an Organization
Conducting a Penetration Test on an Organization: Live Simulation

This presentation is intended to define the base criteria for penetration testing and risk assessment. It will provide a high level understanding of the items required within a report as well as a structure for the report to provide value to the audience.
BIO
CIO/CISO
Docutek Services

He spent 18 years working in different areas of Information Technology, beginning as a cryptography operator and communications specialist. During his career he has worked in Consulting, Integration, Support and Training. He has specialized in Hospital Electronic Data protection, HIPAA-HITECH Security Risk Assessment, penetration testing and security compliance. He also provides services to companies of all sizes nationwide and specializes in IT services for the Healthcare and Professional Services industries.

He currently serves as CIO and CISO in the leading business and technology consulting company DocuTek.

Olga M. Ortiz Ramírez

206 - Regulatory Compliance of Agencies
Compliance with Information Systems Regulations in the Government Entities of Puerto Rico

Guidance on the requirements of the laws, policies and other regulations on information systems applicable to the government entities of Puerto Rico.
BIO
Information Technology Audit Manager
Oficina de la Contralora de Puerto Rico

Olga M. Ortiz Ramírez is Information Technology Audit Manager in the Information Technology Audit Division of the Oficina del Contralor de Puerto Rico. She has 18 years of experience in information systems audits of government entities. She holds a Bachelor's degree in Business Administration with a concentration in Accounting and Human Resources Management. She holds the following certifications:
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Computer Examiner (CCE)
She has been a member, for more than ten years, of the Information Systems Audit and Control Association (ISACA), the International Information Systems Security Certification Consortium (ISC2) and the International Society of Forensic Computer Examiners (ISFCE).

Larry Lliran Miranda

306 - Vendor & Third Party Management Relationships
Vendor & Third Party Management Relationships

With current trends such as Software as a Service (SaaS) and Cloud Computing, the volume of outsourced products and services has surged in recent years, and so have the risks associated with vendors and third-party providers. This is occurring in all industries, including financial services, healthcare, media, retail and others. Each day more organizations are relying on third-party vendors to manage operations and processes. The urgency to address this risk is further driven by recent massive and highly publicized security breaches at several large companies, and the resulting public and regulatory scrutiny of the way personal data is managed in a global IT environment. In this presentation we will discuss everything from the basic Vendor Risk Management practices any organization should follow to the new practices necessary to address emerging risks.
BIO
IT and Operations Internal Audit Manager
EVERTEC, Inc.


Mr. Lliran is an Information Technology professional with over 14 years of managerial and hands-on experience in Information Security, IT Audit, IT Compliance, Data Center Operations, IT Risk, systems solutions design and implementation, project management, networking, service management and system support. He is a goal-oriented professional with the capacity to manage multiple tasks and resolve complex issues while working in a fast-paced, highly demanding environment. Larry is able to work with the business areas as a trusted advisor to establish strategic and tactical goals that better fit business needs. He currently holds the position of IT Internal Audit Manager for EVERTEC, Inc., a holding company that provides merchant acquiring, payment processing and business process management services in Puerto Rico, the Caribbean, Central America and South America. His responsibilities include leading EVERTEC’s information technology reviews, including SOX ITGC Procedures, Disaster Recovery Tests, Information Security, Regulatory Reviews (PCI, VISA PIN, GLBA, others) and other information technology related audits.

Prior to joining EVERTEC, Larry worked as Vendor Relationship Manager and Information Security Officer (ISO) for First Bancorp, a publicly owned financial holding company and parent corporation of FirstBank Puerto Rico. His responsibilities included the development of the Information Security Policies, Information Security strategy development, evaluation and selection of security solutions, corporate IT compliance with federal and local regulations, the performance monitoring of IT related Third Parties, Technology Procurement and the corporate business continuity/contingency strategies. Additionally, he has previous experience as a consultant providing Information Technology advisory services to clients in diverse industries, and devising and implementing systems solutions to enhance and secure their networks. Larry is a former president of the Information Systems Audit and Control Association (ISACA) Puerto Rico chapter, a former member of the ISACA International Membership Growth and Retention BOD Committee and an active member of InfraGard (an association between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the United States).
