Bruno Nunes de Oliveira has been acting for over 10 years with governance, risk and information security. He started his career in IT services companies, has experience in consultancies such as PwC and is currently Consultant Information Security and Business Continuity Manager on T-Systems Brazil. He holds a degree in Computer Science and a post graduate degree in Strategic IT Management and is studying for an MBA in Entrepreneurial Management. He has specialized certifications in Information Security and Business Continuity – including CBCP with DRI, MBCI from BCI, CISM from ISACA, ITIL, and also Lead Auditor in ISO standard 27001: 2013.
How did you learn about Resilience and/or Business Continuity Management (BCM)?
I started my career acting as an analyst of IT processes with ITIL and COBIT, developed some processes of continuity of IT services and then went to work in consultancy that specialized in business continuity, risk management and information security. I specialized in the BS25999 standard, then made sure to become certified, including as a CBCP by DRI. But the best learning is experience, implementing projects, meeting new types of businesses and strategies, and figuring out the peculiarities of each.
What is your biggest challenge as a business continuity (resilience) professional?
In Brazil, the biggest challenges are to show the value of business continuity and resiliency to the board, and get other departments committed to the topic – to understand the need for the organization, and not just a standard or legal requirement to be met.
Another major challenge: integrating the process of business continuity to other business processes, such as compliance, human resources, infrastructure, etc. There are also other issues, such as social responsibility and government.
What are the common misconceptions that others have about your role?
It was normal for people to think that the business continuity professional makes a mapping of areas (BIA) to show human resources where you can reduce, or which area is not critical and suggest changes, which currently has not happened.
What are the common misconceptions that others have about business continuity (resilience)?
Usually people understand and know the role of business continuity and resilience, but do not see the added value of a well-implemented process. In Brazil, as we do not suffer from climatic problems, or terrorism, it is difficult to raise awareness.
What is your favourite advice about Business Continuity (resilience)?
Understand the company’s business – it is impossible to implement any strategic process without the full understanding of the business in which the company operates.
What is your greatest reward in your role as a BCM Professional?
When the client company understands the value of business continuity and supports not only the implementation, as the process life cycle, ensuring that will have maintenance, improvements and actions and when I help other professionals to seek certification and specialize in the subject.
Where do you hope to see organisations in 5 years’ time?
In Brazil, I expect to see most companies be more conscious of business continuity. Right now, there is still a culture of “with us does not happen,” or “this is only for audit.” I also think that the number of trained professionals should increase, and this can bring the resilience culture forward in every way.
For multinational companies, global resilience programs should become stronger; in the company I work with, we have a global implementation of business continuity management rollout for all its units in the world, and works very well, both as commitment and as a cultural exchange of knowledge and experience.