Head of ICT
- ISO 27001 Information Security Management System
- ISO 20000 IT Services Management System
- ISO 9001 Quality Management System
- PCI Data Security Standard
- CSA STAR Cloud Security
- ISO 22301 Business Continuity Management System
- Over 13 years experience in the Information Communications Technology (ICT)
- Over 8 years experience in ICT auditing
- Conducted hundreds audits for different organizations
- M.Sc. Communication Engineering
- B. Sc. Information Technology
- ISO 27001 Information Security Management System Lead Auditor
- ISO 20000 Information Service Management System Lead Auditor
- ISO 9001 Quality Management System Lead Auditor
- PCI QSA (Qualified Security Assessor)
- CSA STAR Cloud Security Lead Assessor
- IRCA ISMS Principal Auditor
- IRCA QMS Lead Auditor
- itSMF ISO 20000 Auditor
- CISA ,CISSP
Work experience highlights
- Lead ICT product development and ICT team in BSI Hong Kong.
- Lead and manage information security and IT audit project.
- Conduct certification audit against international standards (e.g. ISO 27001, ISO 20000, ISO 9001, CSA STAR Cloud Security and PCI DSS) for financial company, government bureau, telecommunication companies etc.
- Conduct gap analysis for external companies against international standards, as well as industrial best practices.
- Identify gaps and areas for improvements such as risk management and continuous improvement;
- Propose security solutions for different organizations such as government, bank, financial company, data centre and international corporation.
- Implement security project including the design and implementation of network security architecture, firewall, IDS, VPN, antivirus solution, backup solution, two-factors authentication system, encryption tool, proxy server, network management system and security monitoring system.
- Develop security policy, guideline and procedure.
- Conduct security awareness training.