Juan José Rabaneda Bueno is Director at Rabaneda Security Compliance Services. He holds a degree in Computer Science Engineering from the Universidad Nacional de Educación a Distancia (UNED) and a Master's in Information Systems Security from the Universidad Politécnica de Madrid (UPM). He is also an ISO 27001 Lead Auditor, certified by BSI (British Standard Institute), and was CISM (Certified Information Security Manager) certified by ISACA.
Juan José has almost 15 years of professional experience in IT, mainly in Information Security and Compliance, an area in which he has been developing his career for more than 10 years. He has held positions of responsibility in this field as Security and Compliance Manager, Security Officer, Security Manager and Regional Security Director, the last two at a leading multinational in the BPO & Contact Center market. For the last two years he has been working in Bogotá (Colombia) as Spain & Colombia Regional Security Director.
Juan José is a Gold member at ISACA, and participated in a Security Commission of the Madrid Chapter in 2013. He is currently a member of the GDPR Experts Group of the ISACA Madrid Chapter. He was also a member of the ACFE (Association of Certified Fraud Examiners).
He is an expert in industry security standards such as ISO 27001 (ISO 27000 series), ISO 22301, PCI DSS, PA DSS, SOC I/II and SSAE 16, in data protection legislation such as GDPR, Spanish Privacy Law, Ley 1581 de 2012 (Colombia) and Safe Harbor, and in related legislation such as SOX or HIPAA (USA).
Juan José has been responsible for managing and leading Information Security and Compliance teams, with which he has successfully executed several projects. Some of these include the implementation and maintenance of:
- standards such as PCI DSS, ISO 27001, ISO 22301 and SOC I/II, obtaining the certifications from third parties and renewing them every year.
- security requirements from legislation such as GDPR, Spanish Privacy Law, HIPAA or SOX, and passing the corresponding audits.
- contractual security requirements extracted from contracts with customers.
- cybersecurity projects such as anti-malware, SIEM, encryption solutions, etc.
- anti-fraud program for internal fraud prevention, following the CFE methodology created by the ACFE (Association of Certified Fraud Examiners).