Thomas BronackCertified Business Continuity Professional (CBCP)
ThomasBronack, CBCP
Certified Business Continuity Professional from DRII
Director of Vendor Relations and Board member for the NYC Metro Chapter of the ACP
9903 Hamilton Drive, Douglasville, Georgia 30135
Mobile: (719) 673-6992Email:
To obtain a position where my thorough knowledge of Information Technology and extensive experience in Enterprise Resiliency, Corporate Certification, Project Management (PM) / Project Management Office (PMO), Risk Management, Disaster Recovery, Business Continuity, and the implementation of an optimized operation through automated tools, improved work flow processes and industry best practices to achieve a zero downtime operation. To further assist companies by mitigating Gaps, Exceptions, and Obstacles to achieve improved efficiency, lower costs, better protection of the company’s reputation, and a safeguarded environment that is in compliance with all regulations, both domestically and internationally in countries where business is conducted.
I possess technical, managerial, and consulting experience implementing safeguarded and optimized environments that comply with business / regulatory requirements and utilize IT industry best practices. I am a Certified Business Continuity Professional (CBCP) from Disaster Recovery Institute International (DRII), a member of the Contingency Planning Exchange, and a Board of Directors member of the Association of Contingency Planner’s NYC Metro Chapter.
Selected Accomplishments
- Built 3 production data centers, and one recovery data center, transitioned client to production data center, transformed client equipment to virtual machines verified recoverability of client applications between production and recovery site
- Converted the Global Business and Financial Services LOB of Bank of America from their old Business Continuity Plans to the automated LDRPS recovery product.
- Assisted clients implementing off-site recovery facilities or companion data centers to address recovery needs (IBM, SunGard, Comdisco, etc.);
- Insured Corporate Compliance to all laws and regulations within the countries where business is conducted, world-wide.
- Developed all documentation and training material, provided client training on recovery and assisted client with creating recovery manuals
- Created a new division within Security Pacific Bank to provide Technology Risk Management, Incident and Problem Management, Disaster Recovery and Business Continuity consulting services called Security Pacific Risk Asset Management (SPRAM);
- Solid Project Management, PMO, and Leadership abilities that have achieved on-time and under budget business deliverables.
- Performed a Merger for ADP Proxy Services when they purchased Independent Election Corporation of America (worked directly for the president of ADP Proxy, Rich Daly).
- I have managed staffs as large as 17 individuals who reported directly to me on a project team or job function
- Produced a Five Year Business Plan for the IT Division of European American Bank and Designed and Implemented a Communications Management Controller based on VTAM/ACF/MSNF for mainframe Load Balancing and Automated Recovery (like a mainframe VMware);
- Migrated and consolidated Data Centers for Chase and Citibank. Assisted many other companies analyze and plan how best to migrate and consolidate data centers through the use of automated analysis tools like: Docu/Text, Job/Scan, CiRBA, AppScan, Foundstone, and others;
- Created Operations Control Centers (OCC), Network Control Centers (NCC), Help Desk (HD), and Emergency Operations Centers (EOC);
- Provided sales and consulting to established offsite recovery facilities for IBM Business Recovery Services clients;
- Provided offsite vaulting and professional services for Zurich Depository Corporation;
- Wrote Book, magazine articles, and provided presentations on “How to Achieve Enterprise Resilience and Corporate Certification”; and,
- Delivered presentations and workshops to major industry groups like IFSA, ISACA, ISSA, ACP and CPE on a range of topics.
Career Synopsis
Confidential, DR Subject Matter Expert08/2013 – present
Led Disaster Recovery initiative related to creating three Regional Data Centers (Americas, Asia / Pacific, and Europe) and a Recovery Data Center (Munich).
- Transformed equipment, or replaced equipment, with virtualization and transitioning the equipment to the regional production site, developing a Recovery Certification process for applications, IT, and Business Locations.
- Developed Statement of Work relating to Enterprise Resiliency and Corporate Certification.
- Created a DR Recovery Planning Guide and DR Exercise Booklets for use in Recovery Certification
- Currently coordinating the fulfillment of Recovery Certification based on RTO / RPO objectives and criticality. At the end of this project:
- All Services and Applications will be Recovery Certified as to the group, or Tier, they are associated with (Continuous Availability or Active-Active utilizing a Flip / Flop approach, High Availability utilizing a Failover / Failback approach, or Best Effort.
- All locations will adhere to the Laws and Regulations of the countries that where business is conducted.
- Audit and Security Controls will be integrated within the SDLC and Change Cycle.
- Version and Release Management principles will be integrated along with Library Management, Vital Records Management, and Access Controls throughout the process.
JPM Chase Bank, DelawareHA/DR Project Manager 12/2012 – 1/2013
Consulting position as a Project Manager for the High Availability / Disaster Recovery (HA/DR) project at Chase Bank, responsible for creating a Charter that lead to funding for the HA/DR Project.
Confidential, Software Company, Disaster Recovery Process Lead5/2012 – 06/2012
In this position I was responsible for establishing a line of business to create Disaster Recovery and Business Continuity plans for existing clients and prospects so that clients would be able to take advantage of a confidential product line to achieve automated Failover and Failback and also have accompanying plans to direct their personnel during disaster events and testing.
Product line included Data De-duplication, Virtual Tape Library, Network Storage Services, Disksafe, Filesafe, Snapshots, Continuous Data Protection,and Single Instance Repository. Products were also used to support Big Data requirements.
- Created Business Plan for the division, produced White Papers,
- Lead the Disaster Recovery Committee to develop a company-wide disaster recovery and business continuity plan.
- Wrote Disaster Recovery Process Professional Services Manual,
- Brought new clients and channel partners to the table
- Improved the knowledge base and reputation of the Business Continuity and Disaster Recovery industry through presentations and industry events.
- Led the negotiation of training and certifications deals with DRII and BCI (Business Continuity Institute).
- Led the negotiation of a National Sponsorship Agreement with the Association of Contingency Planners to introduce Supportive Vendors to over 4,400 ACP members throughout the United States.
Collabera, Inc.,Business Continuity Analyst for Bank of America10/2008 – 02/2009
I worked as the NYC lead consultant responsible for the conversion of current Bank of America Business Recovery Plans to the LDRPS Release 10 program product from Strohl / SunGard. I was responsible for the General Business and Financial Services Line of Business, where I had to:
- Locate the latest release of the Business Continuity Plan for each of over 160 locations world-wide; develop a Baseline to judge the current plans ability to support Recovery Operations;
- Agree upon Gaps and Exception guidelines and resolutions,
- Develop LDRPS Plan format / content in association with the end-user; convert old recovery plans to LDRPS; publish LDRPS Plans, obtain review and approval of LDRPS Plans, and
- Defined and delivered documentation and training to end-users on recovery planning and the LDRPS product.
After Bank of America was converted, my project was scheduled to continue with the same project objective at Merrill Lynch and other newly acquired companies. The goal of this assignment was to insure that all components of Bank of America use the same Business Continuity product and are trained on similar recovery procedures.
Jefferson Wells, Engagement Manager – Technology Risk Management10/2005–06/ 2006
As an employee I was responsible for performing cyber security reviews through IT Audits, IT Sarbanes Oxley Surveys, IT Risk Assessments, Business Continuity Planning, IT Security, overseeing Basel II audits, and many other functions devoted to selling and closing client contracts for Technology Risk Management services. Directed personnel assigned to Technology Risk Management tasks and performed Project Management over concurrent activities assigned to my staff (adhere to FFIEC and NIST standards
(Self Employed)Enterprise Resiliency and Corporate Certification 01/1980 - present
Since 1980 I assisted many customers in designing building, consolidating, and retiring mainframe data centers as the wave of virtualization began and continues today. I also created a full range of data center recovery and business continuity plans. Clients for all data center and business projects included banks (Manufacturers Hanover Trust, Chemical, EAB, Chase, Citibank, Security Pacific), brokerage firms (New York Stock Exchange, Securities Industry Automation Corporation, AIG Audit Department, Shearson, Salomon Smith Barney, RMJ Securities, Lehman Brothers), pharmaceutical companies (Sandoz), vendors (IBM, Computer Science Corporation, Storage Technology Corporation), and others (United Nations, ADP).
I also provided consulting and sales agent services to client organizations including: disaster recovery/business continuity planning; management and technical consulting; workflow analysis; organizational structure definition; job function definition and job description writing; data center requirements definition; implementation, consolidation, migration, and termination;; project/systems management; productivity improvements; system/business analysis; documentation; training, and recruiting / placement of personnel for permanent/consulting positions.
Defined and implemented the Systems Development Life Cycle from Development through Production Acceptance, Support, Maintenance, Configuration Management, and Release Management. Defined documentation and support requirements and insured that Testing and Quality Assurance procedures guaranteed that all required documentation was included in the production acceptance turnover process. I was responsible for the implementation of Help Desks, Network Control Centers, Operation Control Centers, Incident Command Centers and Emergency Operations Centers. I also designed and implemented an Inventory Management System, Asset Management System, and Configuration Management System to track product life cycles from Acquisition, through Redeployment, and finally to Product Termination in accordance to EPA Standards.
Recently, I assisted. in developing a migration and data center consolidation plan for a large financial organization using ADDM, WireShark, AppScan Secure Application Development and Real-Time protections, ADDM, WireShark, Dell x86, VMware vSphere 5, IBM P7 AIX, EMC SAN, NetApp NAS, Cisco Networking, and CiRBA to provide workload balancing and data center optimization.
I have also assisted startup firms like , Market Network Agency (MNA), by creating their business plan, executive presentation, and system design paper to create an on-line automated marketing and bartering system that would tie buyers and sellers of services and products together and perform all contract, currency, fulfillment, and accounting for clients. Information is being used to attract funding and prospective clients.
Submitted successful bid through a company I consulted for to implement the building and loading dock security system for the new World Trade Building that included vetting all trucks, tourist buses, personal operated vehicles, and emergency vehicles to allow entry to the site, security scanning, and direction to loading designated loading dock for pick-up / delivery operations associated with a building tenant request.
Other Permanent Positions include:
- Securities Industry Automation Company (SIAC) – Systems Programming Manager
- Storage Technology Corporation (STC) – North Eastern Systems Engineering Manager
- Chemical Bank – Systems Programming Manager, Capacity & Performance Management
- Manufacturers Hanover Trust Company (MHT) – Computer Risk Management Manager, Data Center Manager
- International Business Machines (IBM) – Customer Engineer (CE), Programming Systems Representative (PSR).
Technical Skills
▪Hardware: Full Range of mainframe, mid-range, servers, and personal computers; along with control units and peripherals
▪Software: Full range of mainframe, client server, and operating system software, including specialized program products: MVS, VM/370, JCL, Docu/Text, Job/Scan, ACF2, RACF, Top Secret, CA products, IBM utilities, Windows; Office (Word, Excel, PowerPoint, Access); MS Project; Adobe Products, Visio, Adobe, Strohl Systems LDRPS and BIA Professional products.
▪Familiar with: Citrix (XenDesktop,XenApp, NetScaler,TriScaler, and Cloud Platform), Cisco, and SQL Server 2012 in support of Application Development, Support, and Maintenance for Cloud Computing (Public, Private, Hybrid).
▪Compliance Knowledge: SOX, GLB, HIPAA, HITECH, ePHI, Final Omnibus Rule, Patriot Act; EPA; Dodd, Frank, COSO; CobiT; ITIL; ISO 27000; Basel III, BS 25999, CERT, FFIEC (BCP & IT Security), PS-Prep, NFPA 1600; NIST 800-30, SAE16 and SSAE3402 for vendor compliance management, Six Sigma and workflow management, ITIL v2, ITIL v3, Workplace Violence Prevention, Help Desk, Incident Command System and Emergency Operations Center, Enterprise Resilience and Corporate Certification.
▪Enterprise Resiliency and Recovery Planning: Project Initiation / Project Plan Creation/ Coordination / Management Reporting, Recovery Team Selection and Training, Risk Assessment, Business Impact Analysis (BIA), Recovery Tool Selection, BCP Tool Implementation, Recovery Plan Creation / Testing / Prototyping / Implementation / and Roll-Out, Recovery Training and Awareness Program, Community Coordination of Recovery Activities (Business Park / Building Neighbors, etc.), Adherence to Governmental Organization Guidelines (FEMA, OSHA, etc.), Integration of Recovery Operations within everyday functions in adherence to Version & Release Management.
▪All of my projects include Elimination of Single Point of Failure, Vendor Management and Supply Chain Management.
▪A.A.S., Electrical Technology, New York City Community College;
▪B.S. Coursework, Computer Science, City University of New York;
▪Certified Business Continuity Professional from Disaster Recovery Institute International;
▪IBM Training in Systems Programming, Project Management; and Business / Personnel Management;
▪Knowledge of Storage Management Disciplines including: Data De-duplication, Virtual Tape Library, DiskSafe, FileSafe, Single Instance Repository, Snapshots, Continuous Data Protection, and Network Storage Services.
▪Member of the Contingency Planning Exchange (CPE) and the Association of Contingency Planners (ACP);
▪Knowledge of HIPAA, Sarbanes-Oxley, Graham-Leach-Bliley; Patriot Act; Basel II, and EPA Superfund regulations for DR/BCP, IT Security, BS25999 / ISO 22301, NFPA 1600, Private Sector Preparedness Act, CERT, ISO 27000, FFIEC and NIST standards and procedures governing BCP and Information Security for financial institutions governed by federal and state regulators. Further knowledge of Data Center Consolidations and Migrations using AppScan Secure Application Development and Real-Time protections, ADDM, WireShark, Dell x86, VMware vSphere 5, IBM P7 AIX, EMC SAN, NetApp NAS, Cisco Networking, and CiRBA to provide workload balancing and data center optimization.
▪Data De-Deduplication, Virtual Tape Library, Snapshots, Single Instance Repository to store and recall Snapshots, Continuous Data Protection, Network Storage Services, DiskSafe, FileSafe, RecoverTrak product line to support automated Failover and Failback operations for High Availability and Continuous Availability through data center Flip / Flop techniques.
▪Knowledge of Cyber Security, Firewalls, Encryption and other data security products. Also knowledgeable of physical security techniques used to create a safe workplace and prevent workplace violence. Knowledge of Big Data usage for data mining and marketing assistance, as well as identifying weaknesses that reduce savings and productivity.
Resume of:Page: 1Thomas Bronack