Guillermo Rodriquez Bonazzi

Manager, Audit

KPMG in Bermuda

With 14 years of experience, Guillermo has been leading projects related to IT audits, cybersecurity assessments, information risk management, data privacy, software development, compliance and regulation of international standards such as SOX, JSOX, SOC I and SOC II reports, ISO27001 and ISO22301, SWIFT assessments and other types of IT risk-related projects. He has developed his professional experience in different countries such as Spain, Italy, France, United States, United Kingdom, Argentina, Brazil, Colombia, Peru, Mexico and the Kingdom of Saudi Arabia. He has worked in different sectors such as finance, insurance, health, energy, telecommunications, retail, education, construction and start-ups.

Professional and Industry Experience

  • In his professional career, Guillermo has led IT audits evaluating business processes and their inherent risks, and has performed numerous audits of General IT Controls (GITC) and evaluations of automatic controls (application controls) in support of financial audits (internal, external, or independent audit services) for clients from different sectors.
  • Guillermo was in charge of the IT audit assessment of NEOM (Kingdom of Saudi Arabia). Under the supervision of NEOM's CFO, Guillermo was responsible for coordinating, executing and documenting the results of the General IT Controls (GITC) as well as the application controls (ITAC) on NEOM's critical financial processes. At the end of the assessment, he was responsible for preparing the final report with the results following NEOM's standards and requirements, to be presented to NEOM's General Management.
  • He has coordinated and executed tests of IT controls in SOX/JSOX evaluations and assessed compliance with ISO27001/ISO27002 and ISO22301, as well as the remediation activities. He has also participated in the coordination of projects for the development of SOC I and SOC II reports.
  • Guillermo has executed and coordinated different cybersecurity and risk assessments, performing risk mapping, analyzing company processes to identify and evaluate corporate risks, identifying significant controls to create a risk framework, and managing the scope, resources, progress and deliverables. This work included planning and executing additional tests (compensatory controls) to provide confidence in the process, as well as developing a mitigation strategy for the identified risk.
  • Prior to joining KPMG Bermuda, Guillermo worked for other Big Four companies. He has also worked for Hewlett Packard Enterprise; he was responsible for the internal audit department and supported the accounting, tax, legal and branch management applications at Ally (General Motors Company's financial bank).
  • Electronic Technician (UET)

  • Information Security Expert (ISE)

  • Certified Information Systems Auditor (CISA) - ISACA

  • ISO22301 Internal Auditor