Andy Tsou

Cyber Security Manager at Deloitte | CISM | CISA | ISO27001 | ISO27701 | ISO42001

Taipei, Taipei City, Taiwan

About

With over 7 years at Deloitte Taiwan, I’ve led cybersecurity and privacy transformation for 40+ clients, including Fortune 500 tech firms and Asia’s top banks. Specializing in NIST Cybersecurity Framework, ISO 27000 series, privacy compliance and AI-driven security, I’ve delivered $3M+ in strategic initiatives and aligned programs with GDPR, CPRA, and SOC 2 for U.S. market expansion. Certified in CISA, CISM, and as an ISO 27001/27701/42001 Lead Auditor, I thrive at the intersection of technical expertise and business value, advising C-level leaders and managing global teams to secure digital futures. Passionate about AI governance and cloud security, I’m eager to drive impact in the U.S. and Taiwan.

Experience

  • Deloitte (Full-time · 7 yrs 11 mos)
    • Cyber Security Manager
      Aug 2022 - Present · 4 yrs

      • Led cybersecurity transformation and risk management for 40+ clients, including Fortune 500 tech firms and Asia’s top banks, aligning with ISO 27000 series (ISO27001, ISO27701, ISO27017), NIST Cybersecurity Framework to deliver business-driven resilience across U.S., EMEA and APAC markets.
      • Designed and executed privacy and data protection programs for over 40 organizations, leveraging ISMS/PIMS management system, GRC tools (e.g. OneTrust) to ensure GDPR, CPRA, and SOC 2 compliance.
      • Directed cyber risk, incident response, and cloud security transformation initiatives, applying Cloud Security Alliance CCM and ISO 27017 to secure cloud environment of finance client and comply with governmental requirements.
      • Managed cross-functional teams (3-10+ members) for 5+ years, delivering $3M+ cybersecurity and privacy transformation projects for Fortune 500 companies and governmental entities, mentoring staff and advising on privacy regulation (GDPR, CCPA, CPRA, PDPA), NIST and ISO 27000-aligned strategies.
      • Excelled as a strategic advisor in sales and pre-sales consulting, building trusted relationships with 40+ global clients (e.g., technology, finance, consumer, e-commerce, public sector) by translating expertise in ISO standards (ISO27001, ISO27701, ISO2701, ISO27799, ISO42001), privacy regulation (GDPR, CPRA, PDPA), CMMC, Cloud Security Alliance CCM, NIST and AI security into multimillion-dollar business outcomes.

    • Cyber Security Assistant Manager
      Aug 2021 - Jul 2022 · 1 yr

    • Cyber Security Consultant
      Sep 2018 - Jul 2021 · 2 yrs 11 mos

  • Student Marketing Consultant at ARA
    Mar 2016 - Aug 2016 · 6 mos

    • Provided consultations and recommendations for Applied Research Association to establish the Energy Saving Control Unit marketing strategy and evaluated up to 10 potential manufacturers in the current market.
    • Analyzed competitive advantages for manufacture and outsourcing strategy with 4 major potential partners of the new technology.
    • Developed a proprietary client model by Excel VBA and simulation analysis to forecast optimal market size using historical data trend.