Experience

• 

  Ibm personal computer department

  Apr 2005 - Nov 2006

  It security team leader

  • Lead IT security QA/QC team• Be responsible for IT security activities, including VRP (Vital Business Process Recovery Plan), BCP (Business Continuity Plan), BPR (Business Process Reengineering), SOX, Network/System access management, operating system security, application antivirus control, client security etc. • Quality assurance for IT security compliance （ITCS 104, 300, GSD 331 etc.）• To monitor the execution of IT security process.• To collaborate with external auditors to conduct in-depth compliance audits and penetration testing • To supervise daily activities of Computer Security Assistant and network Administrator and application developer• To educate and lead security team Show less

• 

  Hisoft systems hongkong limited company

  Dec 2007 - Oct 2008

  Security and compliance officer

  • Lead Security and Compliance Committee made up of 10 stakeholders, top from data center head and down to IT security specialist, security guard.• Lead whole Data Center (including Shenzhen Site and Hongkong Site) to implement security and compliance management system based on ISO17799:2005, HKMA, SAS70 and IT outsourcing contract.• Confirm and meet customer, legal and regulatory requirements on security and compliance• Design and implement Data Center Business Continuity Management and Plan.• Do Internal Security and Compliance Audit. • Correspond to the third-part Security and Compliance Audit.• Track all security and compliance incident and defect happened in whole data center.• Monitor and report Security and Compliance status of all related department in Data Center.• Do Security and Compliance Training Show less

• 

  Data centre, the bank of east asia (china) limited

  Apr 2009 - now

  Deputy general manager

  • Do Core Business Application System Management in Data Center, Same City and Remote City Disaster Recovery Site.• Lead whole Data Center, Same City and Remote City Disaster Recovery Site to implement and improve Core Business Application System Management based on legal and regulatory requirements of CBRC (China Banking Regulatory Commission), PBC (People’s bank of China), CSRC (China Security Regulatory Commission).• Confirm and meet whole Corporate Policy, Standards, and Guidelines in Data Center, Same City and Remote City Disaster Recovery Site.• Do Data Center IT Asset and Budget Management, optimize resource to ensure critical high priority task completed in Budget, in Time and in Quality and meet the enterprise requirements of cost-down.• Correspond to the third-part Audit and on-site inspection of CBRC and CSRC.• Correspond to the internal audits to verify and improve internal IT controls of Data Center.• Monitor and report KPI of Core Business Application System in Data Center, Same City and Remote City Disaster Recovery Site to meet SLA.• Identify opertaion risks and propose mitigation plans of Core Business Application System in Data Center,Same City and Remote Disaster Recovery Site.• Mentor and Support all team members. Show less