Joyce F.

Experience

• 

  City University of Hong Kong

  Jun 2006 - Feb 2007

  Assistant Computer Officer – Department of Computer Science

  • Prepared courseware for CS courses, including data rights management, computer networks and Internet programming; and• Did researches on cryptography, web and wireless technologies, and network/system security.

• 

  Automated Systems (HK) Limited

  Feb 2007 - Mar 2014

  Assistant Manager, Security Consulting

  • Conduct IT security risk assessment and audit services, ethical hacking / penetration tests, vulnerability scanning, application design review, web application security tests, mobile apps security tests, source code review, and database security review; • Perform IT security policies, guidelines, and procedures development and review;• Perform IT security control and compliance review;• Perform personal data privacy control and compliance review;• Provide recommendations to clients on managing risk, control and compliance issues;• Provide presentations senior management and technical staff, and security user awareness training to general staff;• Help clients to investigate application security incidents, root cause analysis, and propose remediation;• Provide IT security monitoring services, and detailed intrusion detection and monitoring report;• Assist in IT security risk assessment and audit service proposal write up and mandays estimation, and provide presale / proposal presentation; and• Monitor the progress of activities during the entire project life cycle, and point out any deviation from project plan. Show less

• 

  CLP Power Hong Kong Ltd

  Mar 2014 - Dec 2015

  System Analyst – Cyber Security Team

  • Perform information security control review, • Provide advisory in information security policy compliance;• Promote cyber security awareness across the company;• Co-ordinate and manage the team for a tender process;• Manage and monitor projects deliverable, within the planned schedule and budget; and• Manage vendors to deliver deliverable on time, with good quality.

• 

  VF Corporation

  Dec 2015 - Jul 2018

  Information Security Manager, Global Security Risk & Compliance (Regional Role)

  • Reported to Senior Director, Security Risk & Compliance, based in United States• Responsible for aligning global information risk management strategy and framework with emerging business requirements; governing and maintaining security standards required in the Asia region• Participated in performing security reviews on multiple eCommerce projects throughout Asia Pacific and Mainland China, to ensure sufficient controls were designed and integrated into the technical solutions to meet internal and local legal and regulatory requirements for Data Privacy and Cybersecurity, and Payment Card Industry Data Security Standard• Conducted regular security assurance tests to ensure implemented security controls in critical systems are SOX compliant Show less

• 

  AXA Hong Kong and Macau

  Jul 2018 - Nov 2024

  Act as the member of AXA HK Chief Security Officer (CSO) Leadership Team to remotely provide security consultancy services: -- Oversee AXA HK’s information security and cybersecurity risks- Building and executing Security Strategy and Framework- Driving initiatives to secure AXA technology assets- Managing Security Governance, Risk and Compliance (GRC) process- Managing Security Budget- Collaborating with senior stakeholders to identify and manage cybersecurity risks- Participating in special projects (example: Fast Isolation Technical Analysis / Business Continuity Planning) Show less • Member AXA HK CSO Leadership Team• Equivalent to Chief Information Security Officer (CISO) role to: • Oversee AXA HK and Macau information security and cybersecurity risks • Build and drive security strategy and framework, based on NIST Cybersecurity Framework + ISO/IEC 27001 ISMS Standard + ISO/IEC 27002 ISMS Standard • Drive initiatives to secure company technology assets • Manage Information Security Budget • Maintain ISO/IEC 27001 Information Security Management System (ISMS) Certification for AXA HK (the scope of which incorporates all operations of AXA Hong Kong and Macau in the primary office locations) • Manage cybersecurity posture of AXA HK • Work closely with Group Security Team and Group IT to develop and update security policy, framework, and training materials for AXA entities; Local Risk Team, Compliance Team, IT Team, Business Teams to identify and manage cybersecurity risk • Provide management reporting to senior executives (Group CSO, AXA HK CEO, Board or equivalent) • Participate in special projects, including conducting due diligence in Merger and Acquisition Transactions, providing advice on various projects related to Mainland China customer data protection • Backup to the day-to-day cybersecurity operations (1st line of defence)• Led a team of five people to: Manage Security Governance, Risk and Compliance (GRC) process Develop, update and enforce AXA HK Security Policy and Process documents Conduct security architecture reviews, application security risk assessments Conduct vendor (3rd party) security assessments Conduct regular security assurance tests to assess the effectiveness of security controls Prepare management update on security status and remediation update; and requested information from regulators Launch security awareness campaigns for AXA HK and Macau users, new joiners, IT developers, agents and contractors Conduct risk assessment for security exception requests Show less

  • Principal Consultant

    Aug 2023 - Nov 2024

  • Head of Information Security, Assurance & Governance (equivalent to CISO role)

    Mar 2022 - Jul 2023

  • Senior Manager, Information Security Assurance & Governance (equivalent to CISO role)

    Apr 2020 - Feb 2022

  • Manager, Information Security Operations

    Jul 2018 - Mar 2020