About Me

Who am I?
I am an information security and audit professional, with over 15 years' experience in financial services in the UK.
What have I done recently?

I have been working as an Information Security Manager, where I was responsible for the security framework, security of: implementation of processes; network; resilience of processes and infrastructure, BCP (business continuity planning), ITSM (IT service management).

How you can contact me

You can find me on LinkedIn; from there you can see my full profile and send me messages.

https://uk.linkedin.com/in/chunwong

A Summary of my work history

I am experienced in the design, delivery, operations and oversight of IT security infrastructure and processes.

I thrive and enjoy working on business transformation and transition projects, with an emphasis on providing practical and pragmatic advice and solutions.

Prior to that I worked for BNP Paribas between 2001 and 2014. Most recently with the internal audit department, working with key business stakeholders, producing regular risk assessments, investigating high-value incidents involving the failure of IT systems or processes, security incident reviews and full participation in audit assignments covering different entities within BNPP.

Wide-ranging experience of writing security policies, the implementation, operation and assessment of security controls, application controls. I have also managed projects across EMEA, leading virtual teams in multiple locations, where resources were assigned on a project basis for the deployment of security infrastructure.

Key Skills

• Interpretation and articulation of technical and governance issues and requirements.
• Risk based audit of IT processes and systems.
• Investigations of high-value or high impact incidents.
• ISO27001
• PCI DSS 3.1

Recent Achievements

• Creation of an ISMS supported by IS policies and processes.
• Alignment of ISMS with DWP (UK government department) security requirements.
• Creation and delivery of Security Awareness training programme.
• Establishment of a group wide Information Security Working Group.
• Responsible for the recruitment of an Information Security and Data Protection team.

Professional Qualifications Summary

• ISC(2) CISSP
• ISACA CISA
• ISACA CISM
• COBIT 5
• ISO27001 Lead Auditor
• PCI DSS Implementation
• GDPR (General Data Protection Regulations)
• TOGAF
• ITIL V3 Foundation and ITIL Service Offerings & Agreements
• PRINCE2 Practitioner
• Cisco CCNA

I have also been awarded:

  • MSc Interactive Computing Systems Design
  • BSc with Honours in Information Technology

 

Before all this ….

How it all started

My background is technical. Starting as a toddler, I loved taking things apart to see how they worked. At this time, the process was a one-way street: the widget never worked again. I progressed from destruction to deconstruction and repair.

… to be continued

 
