Jenny Boneva is the founder and Principal Consultant of JennIS Consulting Ltd.
Jenny’s education and certificates include:
- Master’s Degree in International Business and Management, University of Economics “D.A.Tsenov”, Svishtov, Bulgaria
- Bachelor’s Degree in Informatics, University of National and World Economy, Sofia, Bulgaria
- Certified Information Systems Auditor (CISA), Information Systems Audit and Control Association (ISACA)
- Certified ISO/IEC 27001 Lead Implementer
- Certified Information Systems Security Professional (CISSP), International Information System Security Certification Consortium (ISC2)
- Certificates in Cybersecurity, Network Security, Cybersecurity Risk Management and Computer Forensics, Rochester Institute of Technology, Rochester, US
Mrs. Boneva has more than 15 years of experience in the areas of Information Security (IS) and Information Technology (IT), more specifically IT Audit, Risk assessment and Compliance, Data Protection, and IT Governance.
Currently, she works as a freelancer and provides advisory services in the areas of Information/Cybersecurity, IT audit and compliance.
She works also as Vice president of ISACA (Information Systems Audit and Control Association) Sofia Chapter and promotes, supports and expands ISACA at the local level.
Jenny has extensive management experience as Chief Information Security Officer in a Financial institution and more than 10 years of experience at KPMG Bulgaria.
Mrs. Boneva has more than 7 years of experience as an IT auditor and advisor at KPMG in Bulgaria, Advisory practice. A significant advantage of her experience is the management of the projects related to reviews and security audits of information systems as part of the audit of financial statements, including, IT general controls reviews and tests of application controls. While being with KPMG Bulgaria she acted as IT Auditor/advisor in other projects related to IT and security audits, physical site reviews, compliance and gap analysis reviews against specific regulations and standards, including audit of the internal controls against the requirements under Section 404 of the Sarbanes-Oxley Act (SOX) and number of projects related to assessment of implemented security measures in Organizations in order to comply with Data Protection Directive.