China
Experienced security professional with a demonstrated history of working in the software and internet industry. Strong protective services professional skilled in the Telecom/Communication/Ecommerce/Finance/Consulting industries, familiar with compliance, anti-fraud, Security Development Life Cycle, threat modeling, penetration testing, vulnerability management, privacy protection, security incident and risk management. WeChat Official Account (微信公众号): SecurityDAO (安全道)
Build and optimize brand new information security processes and systems to empower the China business, including strategy/policy/standard/process/management system/training/etc. used to detect/rate/track the risks of technology and compliance (CSL/DSL/PIPL/etc.). Manage data security, including data classification policy/matrix and data handling standard, access control, usage, external sharing, cross-border transfer, etc. Handle daily security operation work, such as project security review, internal/external audit, and regulatory compliance projects.
Head of security operation center and security engineering of China
Operate my WeChat official account and write information security articles to share with the followers, so that they can learn from the articles.
Manage overall security of the China region by leading application security, data security, network security, security architecture, identity and access management, cloud security, and security infrastructure. There are 20+ members in the team.
1. Define and implement information security strategy for China.
2. Define and implement security policies used by departments.
3. Work with the legal/compliance team to ensure the business complies with CSL/MLPS/PIPL/CFA/PBoC/ISO27001/SOX and internal policies.
4. Manage data security (including privacy) of the payment business from data gathering to data destruction.
5. Manage and operate identity and right/access control for both production and corporate environments.
6. Work with stakeholder teams to handle security risks.
7. Work with stakeholder teams to handle security incidents.
8. Manage the vendor security program.
9. Define/implement the secure software development life cycle for business applications and systems.
10. Manage and operate WAF/Anti-DDoS/IDS/VPN/Rate Limiting/DLP/Proxy network security services.
11. Manage and operate all other security infrastructure, such as Cloud/HSM/PKI.
Main Achievements:
1. Completed security services setup in the primary and disaster data centers.
2. Supported the business in completing the first go-live of systems for the China marketplace in 2022.
3. Participated in completing payment license renewal and MLPS level 3 certification in 2021/2022.
Responsibility:
1. Build/improve the DevSecOps process for the cloud BU.
2. Perform security review for cloud services.
3. Build a universal work platform for security engineering, used to manage all security engineering work.