Wing Hang HO

CISSP, CISA, CISM, CDPSE, CCSK, C|EH, ISO27001 Foundation
Hong Kong, New Territories

Summary

A strategic and innovative information security professional who drives the company's vision into business initiatives with comprehensive cybersecurity development.

Overview

28 years of professional experience
18 certifications

Work History

Senior Manager, Information Security

Blue Cross (Asia-Pacific) Insurance Limited
04.2023 - 01.2024
  • Security strategic planning and adoption to ensure compliance with the Group security strategy
  • Conduct regular reviews of policies and procedures to ensure compliance with the regulatory requirements
  • Act as a consultant to advise on different projects and collaborate with project managers within the company to ensure projects are on track
  • Participated in the AIA migration project, providing security consultation on three waves of application security assessment results, data migration to the AIA cloud, and data center security concerns in the office migration
  • Oversees vulnerability scanning and penetration testing for ongoing system related changes
  • Develops and coordinates security awareness and education programs across the company
  • Plan and govern the cybersecurity drill exercise
  • Oversees and conducts regular review for the adoption of security systems and tools
  • Lead the cybersecurity team to participate in risk management regarding cybersecurity risks
  • Evaluate and oversee the risk mitigation based on the firm initiatives and projects
  • Perform third-party risk assessments and audit follow-up.

Manager, Security & Projects

Techtronic Industries Company Limited
07.2022 - 03.2023
  • Lead the Security Team of TTI, managing cybersecurity projects in different countries within the Asia region such as South Korea, Japan, China, Taiwan, Hong Kong, and Vietnam
  • Work with Global Security Team to establish strategic security planning based on the latest security maturity of the company
  • Enforce company cybersecurity policies and compliance
  • Drive for regular reviews and updates of cybersecurity policies, standards, procedures, and guidelines
  • Act as a consultant to advise on different projects and collaborate with project managers within the company to ensure projects are on track
  • Participate in RPA project security consultation regarding the second phase of RPA external access control design solution such as reverse proxy solution
  • Manage cybersecurity incidents with MSSP to verify, investigate, and collaborate with various teams to report & resolve cybersecurity incidents promptly
  • Work with internal parties or vendors to conduct phishing tests, IT/OT security assessments, and penetration tests
  • Liaise with stakeholders to educate and ensure cybersecurity best practice is considered throughout the system/application development or upgrade project in evaluating, selecting, installing, and configuring hardware, software, applications, and confidential data protection
  • Conduct in-house cybersecurity awareness training.

Information Security Manager

Autotoll Limited
11.2021 - 07.2022
  • Assessed and identified cybersecurity requirements, developed and implemented IT control processes according to prevailing standards, evaluated business strategies, and identified system integration issues
  • Established and implemented security initiatives to ensure compliance with corporate information security policies and compliance standards
  • Developed, reviewed, and maintained information security policies, procedures, system KPIs, BCP, and DRP
  • Ensured periodic internal and external IT security and other audits were conducted according to the schedule
  • Acted as a consultant to advise on different projects and collaborate with project managers within the company to ensure projects were on track
  • Participated in the Free Flow Tolling System (FFTS) project security and privacy consultation by attending regular OGCIO meetings to ensure those requirements were met
  • Led the Information Security Team in performing daily security tasks, such as reviewing security events and operational reports, responding to security incidents, and investigating cybersecurity alerts and potential threats
  • Communicated to business units and cross-functional teams regarding security risk issues and control gaps, and recommended remediation initiatives
  • Designed and conducted information security awareness training
  • Managed and responded to security breaches and investigated violations if and when they occurred, recommended improvements, and minimized future disruptions.

Regional Information Security Officer

Hellmann Worldwide Logistics
01.2020 - 10.2021
  • Monitored and managed regional/local laws and regulations for China, South Korea, Japan, Taiwan, Hong Kong, Singapore, Malaysia, Philippines, Australia, and New Zealand
  • Contributed to internal Security-Standards (Policies) of Hellmann
  • Transformed global policies into regional Standard Operating Procedures (SOP)
  • Provided regular updates to global Information Security Management on the status of Information Security
  • Analyzed industry security standards, best practices, emerging threats, vulnerabilities, and mitigation strategies and translated them into security strategies and recommendations to the countries and global team
  • Reported key performance indicators (KPI) regarding Information Security (e.g., Patch-Management, AntiVirus, Vulnerability Management)
  • Coordinated and supported General Data Protection Regulation (GDPR) implementation
  • Coordinated system security guidelines and issued additional guidelines and rules for Information Security
  • Acted as a consultant to advise on different projects and collaborate with project managers within the company to ensure projects were on track
  • Handled and completed surveys and questionnaires from customers
  • Drove projects relating to security and contact with authorities and advisory bodies
  • Collaborated with the China IT team on network segregation design for the sake of taxation system isolation with the Hellmann production network
  • Managed Customer Audits
  • Identified potential risks and performed Impact Analysis
  • Initiated and monitored the implementation of security safeguards
  • Investigated security incidents
  • Monitored the health state of Hellmann security systems (e.g., Patch-Management, AntiVirus)
  • Monitored security risks, attack patterns, etc.
  • Maintained the Disaster Recovery Concept (DRP)
  • Initiated and coordinated awareness-raising and training safeguards for Information Security, including information on risks and attack patterns mentioned above
  • Participated in the phishing simulation exercise organized by the Global Security Team, analyzing results per country within the APAC region.

Senior IT Security Officer / Security Specialist

OCBC Wing Hang Bank
04.2017 - 01.2020
  • Assessed and established security policies alignment from OCBC Bank for the sake of adopting locally for OCBC Wing Hang
  • Conducted process alignment and streamlined with OCBC Bank on demand
  • Consolidated log review via different types of security platforms
  • Delegated on the mobile app's protection solution project PoC review
  • Designed and launched Penetration Test and Intelligence-led Cyber Attack Simulation Testing (iCAST) projects in collaboration with third parties
  • Acted as a consultant to advise on different projects and collaborate with project managers within the company to ensure projects were on track
  • Arranged and conducted quarterly vulnerability scanning
  • Validated findings and produced final reports relevant to system and application owners for further follow-up
  • Performed compliance scanning via an established audit template based on OCBC Wing Hang Bank Hardening Guideline
  • Conducted Central Security Operation Centre findings response
  • Operated requisitions within Information Technology Division, mainly the firewall change request and data loss prevention rule set
  • Assisted in-house cybersecurity awareness training
  • Mobile apps protection solution project PoC review
  • Central Security Operation Centre incident handling.

Security Consultant

Thales Transport & Security (Hong Kong) Limited
09.2014 - 01.2016
  • Delivered accurate and valuable security assessment data to generate recommendations for the external client
  • Participated in PCI-DSS-related projects for the local company, such as system hardening and SIEM configuration
  • Provided proof-of-value (PoV) for the client facing an advanced persistent threat (APT) attack, then analyzed and recommended the remediation process after the project ended
  • Acted as solution owners and implementers, studying the requirement of the client, owning and delivering the solution within the required budget, expected customization, and timeline
  • Pre-sales role was mainly focused on third-party solution delivery from Thales to the client, assisting the sales team in exploring the new opportunity with existing and potential clients
  • Information analyst - analyzed scanning data and results related to the deliverable part of the role
  • Newsletter - Provided the client with the latest security-related newsletter information, organized and delivered regularly for client updates
  • IT Security Awareness Training - Course designed, scheduled, and conducted training based on the client's requirements.

Pre-sales Consultant

Maximus Consulting (Hong Kong) Limited
03.2014 - 08.2014
  • Collaborated with the project managers within the company to ensure the projects were on track
  • Handled new and current projects with potential and existing customers, covering quality delivery and result analysis
  • Provided ideas for how to improve sales with the Marketing Executive over the existing solutions to the customers
  • Provided security advisory, risk analysis, documentation control, and project update with one of the largest worldwide insurance companies in Hong Kong under the service level and non-disclosure agreement.

Technical Consultant I (Team Lead)

Jardine OneSolution (Hong Kong) Limited
03.2012 - 02.2014

System Analyst (Supervisor)

Rectitech Group Limited (Hong Kong)
07.2011 - 02.2012

IT Support Specialist

International Christian School (Hong Kong)
02.2010 - 07.2011

Associate Technical Consultant I

Jardine OneSolution (JOS)
10.2008 - 02.2010

Multimedia System

LVMH
05.2007 - 09.2008

Senior System Engineer

Business Administration Limited, Deloitte Touche Tohmatsu
10.2000 - 10.2006

System Support Technician

Business Administration Limited, Deloitte Touche Tohmatsu
03.1997 - 09.2000

System Support Staff

Noble Star Management Limited
06.1996 - 02.1997

System Operator Trainee

KAO (Hong Kong) Limited
10.1994 - 05.1996

Education

Project Management Professional Training Program

Kornerstone Institute

Certified Information Systems Security Professional Training Program

Kornerstone Institute

Bachelor Degree in Computer Science

Victoria University of Technology, South Australia, Australia

Management Certificate Programming for Computer Professional - Information Technology Management

Hong Kong Management Association, Hong Kong, China

HKCEE - Arts

Sing Yin Secondary School (Lam Tin)

Certification

Certificate of Cloud Security Knowledge (CCSK), Cloud Security Alliance, USA, 03/15/2024

Awards

Certificate of Achievement of Microsoft Server Superman 2006 & Microsoft Exchange Server 2003 Track

Timeline

Certificate of Cloud Security Knowledge (CCSK), Cloud Security Alliance, USA, 03/15/2024
PECB Certified ISO/IEC 27001 Foundation, ISFO1095368-2022-01, PECB, USA, 01/25/2022
Certified Data Privacy Solutions Engineer (CDPSE), 2002948, ISACA, USA, 06/23/2020
Certified Information Security Manager (CISM), 1944822, ISACA, USA, 02/14/2019
Certified Information Systems Security Professional (CISSP), 98136, ISC2, USA, 07/01/2018
Certified Information Systems Auditor (CISA), 16135022, ISACA, USA, 12/07/2016
Varonis Certified Technical Associate, Varonis, Israel, 07/14/2015, Installation of DataVantage, Operational Use of DataVantage, Advanced Installation of DataVantage, DataPrivilege Operations and Administration, DataAnywhere Installation and Configuration, Varonis Sales Certified, Varonis Sales Certified – Advanced
FireEye System Engineer, 180705, FireEye, USA, 01/15/2015
Certified Ethical Hacker (C|EH) version 8, ECC73554378556, EC-Council, USA, 10/04/2014
Check Point Certified Security Expert R75, Check Point Software Technologies Ltd, USA, 09/2012
Check Point Certified Security Administrator R75, Check Point Software Technologies Ltd, USA, 05/2012
Certificate in ISO20000 Auditor, The IT Service Management Forum, United Kingdom, 12/2010
Certificate of Managerial Effectiveness Program, Jardine OneSolution, Hong Kong, China, 11/2009
EXIN Examination Institute for Information Science, United Kingdom, ITIL Version 3 Foundation Examination, 03/2009
Certified Support Professional 10.5, Apple Inc., USA, 01/2009
Certified System Administrator – Lotus Notes and Domino 7, International Business Machines, USA, 05/2007
Certified in Cisco Network Associate (CCNA), CISCO Systems Inc, USA, 07/2005
Certified of Excellence in Microsoft Certified Systems Engineer on Microsoft Windows 2000, Microsoft, USA, 03/2001