Max Benito Bazile, CISA

Conseiller GRC cybersécurité & Audit TI | Risques technologiques, conformité, contrôles et gouvernance | CISA

St Constant, Quebec, Canada

About

Je suis conseiller en GRC cybersécurité et auditeur TI certifié CISA, avec plus de 10 ans d'expérience à l'intersection de l'audit TI, des risques technologiques, de la conformité et de la gouvernance de la sécurité dans le secteur bancaire. Mon parcours combine des responsabilités en contrôle de deuxième ligne, audit TI, conformité cybersécurité, évaluation des contrôles, suivi des recommandations, reporting exécutif et accompagnement de projets technologiques. J'ai notamment travaillé sur des environnements bancaires critiques, des contrôles généraux informatiques, des revues d'accès, des audits de conformité SWIFT CSCF, PCI DSS et ISO 27002, ainsi que sur l'amélioration des pratiques de documentation, de suivi des constats et de reddition de comptes. J'aide les organisations à mieux comprendre leurs risques technologiques, structurer leurs contrôles, documenter leurs preuves, suivre leurs plans d'action et renforcer leur posture de gouvernance, de conformité et de cybersécurité. Domaines clés : GRC cybersécurité, audit TI, risques technologiques, conformité, IAM, contrôles TI, sécurité des infrastructures, risques fournisseurs, gouvernance cloud, tableaux de bord, plateformes GRC et reporting aux instances de gouvernance. Référentiels : ISO 27001/27002, NIST CSF, COBIT, CIS, OWASP, SWIFT CSCF et PCI DSS.

Experience

  • Groupe Sogebank (13 yrs 10 mos)
    • Conseiller senior en audit TI, risques technologiques et conformité cybersécurité
      Jun 2024 - May 2026 · 2 yrs

      I support the Internal Audit department on IT risk, cybersecurity compliance, governance, and control matters in a regulated banking environment. My engagements cover IT control assessments, technology risk analysis, evidence collection and review, findings documentation, action plan tracking, reporting to governance bodies, and support for responses to external audits. I also provide advisory support to stakeholders on IT risks, control requirements, and compliance issues related to technology projects. I contributed to the GRC platform selection process for Internal Audit, including requirements definition, RFP development, vendor discussions, and support for the selection of Diligent One.

    • Director Information Technology Audit
      Oct 2022 - May 2024 · 1 yr 8 mos

      Led IT audit activities for Groupe SOGEBANK, with responsibility for planning, overseeing, and following up on engagements related to IT risks, compliance, IT governance, and cybersecurity controls. Key contributions: – Developed and managed the annual risk-based IT audit plan. – Supervised compliance audits covering SWIFT CSCF, PCI DSS, and ISO 27002. – Evaluated controls related to access management, IT operations, infrastructure, business continuity, and system security. – Presented findings, risks, and action plans to senior management and the audit committee. – Supported responses to external audits, regulatory reviews, and remediation tracking. – Improved audit methodologies, documentation templates, dashboards, and reporting mechanisms.

    • Deputy director/ IT Audit
      Apr 2021 - Oct 2022 · 1 yr 7 mos

      Coordinated IT audit engagements using a risk-based approach, in support of the IT audit director. Key contributions: – Planned and coordinated IT audit engagements. – Supervised auditors' work, including evidence review, control analysis, and deliverable quality. – Conducted and oversaw SWIFT CSCF and PCI DSS compliance audit engagements. – Contributed to risk analyses related to technology projects, banking systems, and subsidiary IT environments. – Tracked gaps, recommendations, and action plans with audited units.

  • CCNA Instructor at Ecole Supérieure d'Infotronique d'Haiti
    Feb 2012 - Jun 2016 · 4 yrs 5 mos

    Certified CCNA instructor and Cisco Academy manager, responsible for technical training, knowledge sharing, and learner support in network technologies.

  • Information System Auditor at Autorite Portuaire Nationale (APN)
    Sep 2013 - Oct 2013 · 2 mos

    Short-term engagement to assess the IT infrastructure of the National Port Authority (APN), covering servers, network services, applications, network equipment (switches, routers, firewalls), risk analysis, controls, and improvement recommendations.

  • Internship, Network and System Administrator at IREAM
    Jun 2011 - Sep 2011 · 4 mos

    Server and network administration: DHCP, DNS, Apache, Active Directory, network monitoring with Nagios, security proxy with Squid/SquidGuard, and infrastructure inventory using GLPI.

  • Administrateur réseau et systèmes at École Supérieure d’Infotronique d’Haïti ( ESIH )
    Jun 2005 - Jun 2010 · 5 yrs 1 mo

    Administration of servers, networks, backups, Cisco equipment, Wi-Fi environments, and user workstations. Technical support, maintenance, updates, and incident resolution.