EssilorLuxottica – APAC Regional Information Security Officer
Shanghai | Dec 2020 – Present
- Spearhead information security strategy for APAC, aligning 20+ entities with corporate policies and regional regulations
- Lead risk-based security programs: Third-party risk assessments, PCI compliance, and DPIA for data privacy.
- Partner with JVs and internal stakeholders to implement controls, reducing exposure to cyber threats.
- Oversee critical asset risk assessments (applications, entity) and audit remediation.
Visteon Asia Pacific Inc. –
Manager, IT Risk & Compliance
Shanghai | Oct 2011 – Mar 2019
- Served as APAC IT Security Representative, guiding regional teams on vulnerability management, SOX controls, and internal audits.
- Managed data center assessments and security projects, ensuring compliance with corporate standards.
Ernst & Young (Advisory Services) –
Manager, IT Audit & Risk
Shanghai | Oct 2009 – Sep 2011
- Directed 70+ external audits for MNCs, SOEs, and private firms, ensuring compliance with SOX (U.S./Japan), PRC, and financial reporting requirements.
- Led teams to define audit scope, manage budgets ($1.1M+), and deliver actionable findings.
Ernst & Young (U.S.) –
Manager, Internal Audit & SOX
San Francisco, CA | Jul 2007 – Sep 2009
- Program Manager of internal sox engement for Charles Schwab’s process optimization.
- Designed Kaiser Permanente’s SOX PMO, creating heat maps/metrics to track 80+ projects annually.
Texas Instruments –
Senior IT Auditor / Project Leader
Dallas, TX | Aug 2001 – Jul 2007
- IT Audit: Conducted SOX audits, trade compliance reviews, and data center assessments.
- Asset Management: Managed 21-member global team to redesign asset management processes (99% data accuracy for $1.5M assets).
- Process Innovation: Deployed RUP for project management, SAP Logistics expertise, and cultural training for 500+ employees.
