Anok Yau

Sutton, Surrey

Summary

  • Over 22 years' experience in the IT industry, with the last 10 years specifically focused on IT security, IT risk and IT audit.
  • An experienced IT Audit Manager and IT Risk Manager with more than 6 years of progressive experience in the IT industry. Expertise in IT governance, risk management, and compliance, with a strong understanding of various regulatory requirements such as ISO 27001, NIST 800-53, SWIFT IAF, PCI-DSS, and GDPR. Demonstrated experience in leading and managing IT audit teams and IT risk teams, developing and executing IT audit plans, identifying and assessing IT risks, and implementing controls to mitigate risks.
  • An experienced IT security specialist with a proven track record of successfully identifying and mitigating security risks in complex IT environments. Skilled in vulnerability assessment and management, incident response, and security architecture design. Possesses excellent communication and leadership skills, able to build strong relationships with key stakeholders and lead cross-functional teams to achieve business objectives. A strategic thinker who can identify opportunities to optimize processes and systems to drive business value.

Overview

11 years of professional experience

Work history

Audit Manager (IT)

Nanyang Commercial Bank
Hong Kong
07.2020 - 11.2022


  • Conducted IT audits in accordance with regulatory requirements and industry best practices, ensuring compliance and minimizing risk.
  • Evaluated IT controls and processes to identify potential IT risks and provided recommendations for improvement, ensuring that clients' IT systems are secure and reliable.
  • Developed and executed audit programs and testing procedures to assess IT controls and processes, ensuring comprehensive and effective audits.
  • Prepared reports and presentations to communicate IT audit findings and recommendations to clients, building strong client relationships and providing valuable insights.

IT Risk Manager

Nanyang Commercial Bank
Hong Kong
11.2016 - 07.2020
  • Conducted risk assessments to identify potential risks and vulnerabilities in the organization's information systems and applications.
  • Developed and implemented risk mitigation strategies and controls to ensure the confidentiality, integrity, and availability of information assets.
  • Collaborated with cross-functional teams to ensure that risk management activities were integrated into the organization's overall operations.
  • Prepared risk assessment reports and presented findings to senior management and key stakeholders.
  • Conducted compliance assessments to ensure that the organization was meeting regulatory requirements.

Security Specialist

OCBC Wing Hang Bank
Hong Kong
03.2015 - 08.2016
  • Supported the execution of the information security strategy, program, policies, standards and reporting.
  • Implemented IT security solutions for end users to fulfill their requirements, i.e. anti-web-defacement, Control Compliance application and Data Center Security.
  • Conducted periodic reviews of such platforms and revised security-related procedures.
  • Aligned procedures and processes for the Cyber Security framework.
  • Supported the overall system and network security of the company to meet control and compliance requirements, i.e. HKMA requirements and the company's Risk Management.

Systems Security & Control Specialist

Hong Kong Interbank Clearing
Hong Kong
05.2012 - 03.2015
  • Developed and maintained IT security policy and procedures and communicated with senior management on security policy implementation.
  • Supported the execution of the information security strategy, program, policies, standards and reporting.
  • Maintained the ISO9001 and ISO27001 framework, risk assessments and risk treatment plan with department heads.
  • Implemented security definitions and controls on various infrastructure and network platforms, i.e. ICLNet, SWIFTNet and internal network.
  • Conducted periodic reviews of such platforms and revised security-related procedures.
  • Assured confidentiality and integrity of production systems.
  • Provided advice on access control management in key system projects and participated in security-related project implementation.
  • Supported the overall system and network security of the company to meet control and compliance requirements.

Education

BSc (Hons) Business in Information Technology

Staffordshire University
2008 - 2010

Skills

ISO 27001

HK Cybersecurity Framework (NIST 800-53)

SWIFT IAF

HK TRM / e-Banking / BCP framework

Languages

English
Advanced
