
Vincent Wai-chung LEUNG

CDPSE, CISM, CISA, CISSP
Lantau

Summary

With over 30 years’ IT working experience, Vincent has extensive experience in cyber security, especially security transformation, security operations, security integration for new acquisitions and startups, and large-scale security-related projects. He has also equipped himself with deep technical knowledge in a broad range of security technologies, including cloud security, network security, Internet security, application security, endpoint security, vulnerability management, identity and access management, mobile device security, incident response and threat intelligence. Vincent has obtained most major information security certifications, including CISSP, CISA, CISM and recently CDPSE. He also took formal training in Enterprise Architecture and obtained the TOGAF 9 certification. Vincent is business-oriented and objective-focused, able to manage stakeholders and work with all levels of personnel, from end users, subordinates and vendors to executives. He is strong in managing security in terms of budgeting, planning, sourcing and executing security strategies. He is also highly experienced in designing security architecture, providing security consultancy and implementing security solutions, including those on cloud platforms. He has a strong network of other information security practitioners, solution vendors and service providers in Hong Kong.

Overview

35 years of professional experience
7 years of post-secondary education
3 Languages

Work History

Security Architect

Pinpoint Asia
12.2021 - Current
  • Assigned to a global investment bank; worked as a security architect in the China Onshore Domain (COD) Program.
  • Working with other peer security architects to review the security of various infrastructure solutions, ensuring compliance with the security standards and security architecture blueprints before granting the 'Permit to Build' and 'Permit to Operate'.
  • Completed the security design review with >100 case writeups for different types of applications and infrastructure solutions in COD network, including Microsoft BitLocker, Microsoft Defender, Symantec Endpoint and Network Prevent DLP, Red Hat Satellite, ReversingLabs secure.software, NetApp SANtricity, Cisco Threat Grid, FortiSandbox, etc.
  • Produced COD-specific Security Blueprints based on the security controls identified.
  • Collaborated with cross-functional teams for seamless integration of security protocols into existing infrastructure.
  • Championed change management processes to minimize disruptions during the rollout of new security initiatives.

Information Security Technical Lead

Oliver James Associates
05.2021 - 11.2021
  • Assigned to ManuLife Asia, with business in 10 markets in Asia; worked as a key member of the Path to Green Team under the Regional Technology and Operations Governance function.
  • Improved the specific Key Risk Indicators (KRI) via driving several 'Path to Green' projects, including the implementation of multi-factor authentication on the external facing systems used by customers, security logging on applications with critical data, and on-boarding of privileged accounts onto CyberArk.

Assistant Vice President, Group IT Security

FWD Group Management Holdings Limited
05.2015 - 04.2021
  • Led the Group IT Security Operations function and successfully built a team of 12 persons in Malaysia, which led to a reduction of overall security operations cost by 50% and an increased level of process maturity.
  • Centralized the operations of various security technologies for the whole Group, including McAfee, Qualys, Tenable, CrowdStrike, Splunk, Checkpoint & Palo Alto firewall rules review, Symantec Email ATP/DLP, F5 ASM and CyberArk. This centralization has standardized the security operations across the Group and facilitated the generation of the KRI, which previously could not be produced from countries in an effective way.
  • Involved in the 'Cloud First' strategy by operationalizing the use of Qualys Cloud Security in scanning Docker images in Amazon AKS, scanning runtime containers to detect container and orchestrator risks, and integrating with Jenkins CI/CD tools.
  • Delivered the work required to integrate the cyber security functions with the Group for new startups and acquisitions, including the planning, budgeting and actual transition of existing security solutions to FWD Group equivalents, leading to the successful integration for the acquisition of SCB Life Thailand, PT Commonwealth Life Indonesia, Vietnam Cardiff Life Insurance and MetLife Hong Kong.
  • Improved the maturity of cyber security across the Group via the development and enhancement of the Group IT security standards and processes in conjunction with Group Risk, ensuring relevant processes and controls are implemented across the Group, and inviting PwC to conduct a comprehensive cyber security maturity assessment which includes a red team blue team testing.
  • Increased the level of security awareness by initiating regular phishing tests, user communications and explanation of the security program to the executive board members.

Information Security Manager, Global Risk Security and Compliance (GRSC)

AXA Technology Services Asia (Hong Kong) Limited
09.2011 - 04.2015
  • Support AXA Tech strategy, which incorporates the AXA Group Information Security Standards, compliance with global and local regulations; Risk and security governance structure established in alignment with the security strategy of AXA customer entities in Asia – Hong Kong, Singapore and Indonesia.
  • Manage the security activities effectively, closing all the Hong Kong and Indonesia IT General Controls Audit issues raised by the Audit Team by December 2013 and December 2014 respectively.
  • Co-ordinate all compliance related IT activities, e.g. completion of the SOX ITGC testing for AXA Hong Kong by December 2014 - testing document signed off by management and remediation plan being laid down for tracking.
  • Govern the fulfilment of security requirements raised by clients, with regular security dashboards with metrics produced on the infrastructure security controls being delivered to the customer entities.

Enterprise Information Security Architect

Cathay Pacific Airways Limited
11.2005 - 06.2011
  • Define, direct & execute security strategy and infrastructure roadmap with internal and external resources.
  • Improve infrastructure security via the implementation of security solutions, such as network intrusion prevention and detection, endpoint protection, single sign on and access control system, and so on.
  • Perform solution architecture review on applications, network and infrastructure, operating systems and database during the design and post implementation phase.
  • Provide consultations to project teams in designing internal controls to ensure compliance with the applicable policies and standards.
  • Advise IT Risk and Security Manager in IT risk management and operational efficiency.
  • Ensure consistent implementation of security controls in business solutions via security review and identification of potential weaknesses from solution design documents.

IT Architecture Consultant – Information Security

Cathay Pacific Airways Limited
07.2000 - 10.2005
  • Design and implement the information security governance, framework and process with the establishment of the information security steering committee.
  • Develop and maintain the security controls in form of policies, guidelines, procedures and security solutions.
  • Co-ordinate the security efforts by internal and external resources to ensure compliance with the security policies.

Business Analyst – Passenger Systems

Cathay Pacific Airways Limited
07.1990 - 06.2000
  • Elicit and document business requirements for software development through working with various stakeholders and act as a liaison among various business departments to ensure that the requirements are rationalized and business goal is met in the delivered applications.

Education

Bachelor of Science - Electrical and Electronic Engineering

University of Hong Kong
Hong Kong
01.1986 - 01.1990

MBA - Business Administration

Ross School of Business, University of Michigan
Ann Arbor
01.1996 - 01.1999

Skills

Oracle

MS SQL

AS/400

Windows

RHEL

NetApp

Splunk

Devo

Qualys

Tenable

Symantec

Microsoft O365

CyberArk


Expected Package

HK$130,000, True, incentive bonus, MPF, basic medical benefits for family (four persons)

Personal Information

Nationality: Chinese

Current Package

HK$141,750, 12 months, 09/30/25
