Jobie So

Cybersecurity & Data Protection | CISA | Microsoft Certified | Claroty Certified | Splunk Certified

Hong Kong, Hong Kong SAR

About

Experience

  • Senior Consultant at Sia
    Mar 2026 - Present · 5 mos

    Cybersecurity & Data Protection Services

  • Senior Security Consultant (& Business Development Executive) at Undisclosed
    Sep 2025 - Feb 2026 · 6 mos

    • Led business development initiatives for technical testing, security risk assessments and privacy compliance across industries such as luxury retail, financial services, telecommunications • Managed penetration testing projects with hands-on involvement

  • Consultant at Protiviti Hong Kong
    May 2024 - Aug 2025 · 1 yr 4 mos

    Security and Privacy, Technology Consulting • Conducted privacy compliance with gap analysis and maturity assessments leveraging NIST Privacy Framework, General Data Protection Regulation (GDPR) and Data Protection Principles (DPP) • Conducted security assessments, such as GL20 assessments for insurers, security review with NIST CSF and security audit • Conducted penetration testing across various domains including web applications, network infrastructure and API security to clients in financial service, luxury retails and telecommunication • Spearheaded multiple security and privacy assessment projects as the field lead, overseeing end-to-end execution, client communication, and delivery of compliance recommendations aligned with industry standards

  • Junior Associate Security Consultant at NTT Ltd.
    Sep 2022 - Mar 2024 · 1 yr 7 mos

    • Conducted vulnerability assessments and penetration testing to identify vulnerabilities in the organization's systems and applications. • Conducted governance, risk, and compliance (GRC) assessments to identify and remediate risks by identifying areas of improvement related to cybersecurity and other areas of the organization. • Performed penetration testing to identify vulnerabilities and recommend measures to improve the security posture of the organization's IT infrastructure. • Maintained up-to-date knowledge of emerging cybersecurity threats and technologies to ensure the organization's security posture remains effective and resilient.