Head, IT and Cyber Security Risk Management at CIMB Bank Berhad (2018-12 – 2025-07)
Built Technology Risk Management Centre of Excellence to support CIMB Group Technologies. Identified, analyzed and assessed cyber security risks and implemented cost-effective emerging technology. Aligned IT strategy with business goals.
- Built Technology Risk Management Centre of Excellence (TRM COE) to support CIMB Group Technologies.
- Identified, analyzed and assessed cyber security risks and implemented cost-effective emerging technology to identify, protect, detect, respond to and recover from cyber threat incidents.
- Aligned IT strategy with business goals by ensuring that IT investments support and drive organizational objectives.
- Developed and operationalized Technology Risk Management Framework and Policy, Cyber Resilience Framework and Policy, Cloud Risk Management Framework and Policy, Emerging Technology Risk Framework and Policy, AIML Risk Framework and Policy, and Technology Risk Appetite Statements, complying with RMiT.
- Developed and operationalized the impact of cyber incidents during crisis to the Group Crisis Management Committee.
- Developed Cyber Incidence Response Procedures (CIRP) and Cyber Response and Recovery Procedures (CRRP) for 1LOD.
- Designed and orchestrated Red Team and Cyber Drill / Crisis Management desktop/simulation exercises.
Principal Consultant, TSS Advisory APJ at Veritas Technologies (M) (2016-01 – 2018-11)
Provided advisory and consultancy services to enterprise customers from APJ on Information Management, Information Governance and Information Availability.
- Developed datasheet for Veritas Risk Advisory (as-a-Service) for Enterprise Resilience, GDPR and BIA Advisory Programs.
- Provided training and coaching to technical sales and services teams across APJ.
- Delivered Information Governance for the biggest retail company in Mexico and the 2nd largest jewelry company in China.
Head, Group IT Security, Group IT Division at Hong Leong Bank Berhad (2009-11 – 2015-04)
Reduced long outstanding audit and risk findings by 95% within 5 months and successfully complied with BNM GPIS1, PDPA, PCI-DSS and MAS TRM requirements.
- Provided updates and advisory roles to ITOC, GRMC, GMD, CIO, Senior Management.
- PSC member for the successful bank merger between EON and HLBB.
- Developed IT Security Strategy and implemented Tripwire, MasterSam, DB Protect, SIEM, DLP, Anti-DDOS, Anti-Phishing, Source Code Review tool, Firewall Mgmt and eLearning Awareness Program.
VP, IS Risk, Compliance & Policies at Alliance Bank Malaysia Berhad (2006-12 – 2009-10)
Set up IS Risk, Compliance & Policies Section and assumed the key role as IS Security Consultant. Conducted compliance reviews on IS functions and managed teams to facilitate IT risk reviews.
- Set up IS Risk, Compliance & Policies Section and assumed the key role as IS Security Consultant.
- Conducted compliance reviews on IS functions to comply with legal & regulatory requirements, internal policies & standards.
- Managed and led a team of managers and support staff to facilitate IT risk reviews and compliance reviews. Developed and implemented policies, standards and procedures for Group IS.
- Managed to reduce long outstanding audit findings by 90% and ongoing audit findings by 75%.
Senior Manager, Group IT Security at RHB Bank Berhad (2000-05 – 2006-11)
Manager, Group IT Audit at PhileoAllied Bank Berhad (1994-08 – 2000-04)
Senior IT Specialist, IT Department at ABN Amro Bank Berhad (1982-04 – 1994-07)