David Chang Qing Hao

Experienced with implementing robust security protocols to protect sensitive information. Utilizes advanced threat detection and mitigation strategies to prevent data breaches. Track record of developing and leading security awareness programs to enhance organizational security posture.

• Regional Information Security Manager for UPS Asia Pacific
• Fully responsible for all Information Security matters in the Asia Pacific region via being in regional risk committee as trusted advisor, responsible for designing and execution of information security awareness program for Asia.
• Built local capability in Asia to perform the information security GRC functionality such as security risk assessment, establishing information security agreements, security architectural reviews and customer security assurance requests.
• Ensure compliance to any Asia Pacific country local cyber security regulations such as China's Multi Level protection scheme, cross border data transfer and personal information protection regulations.
• Matrix reporting into UPS corporate information security to ensure Asia representation for security policy, standard and technology changes and reviews
• IT Security Operations Management for CIMB Bank
• Administration, manage and maintain Bank's security controls system like ID access management, proxy, endpoint security, intrusion detection system, data leakage system, database monitoring, network access control and security incident events management.
• Act as subject matter expert for all security related incident and incident escalation.
• Act as project manager for security enhancement projects like proxy tech refresh, network access control tech refresh, intrusion detection system enhancement and advanced malware protection
• Participate in projects meeting and change management committee meetings as security advisor to the business units.
• Cyber Security Professional Services
• Part of a cyber security service section in PWC Singapore focus on providing all forms of security services to clients including security auditing, penetration testing, security assessment, data leakage strategy development, security awareness training program development.
• Completed a successful security auditing work for one of Singapore’s largest asset management firm.
• IT Security Operation Centre Management for Singapore Civil Defense Force
• Created Singapore Civil Defense Force IT Security Incident Response Policy based off IM8 & MHA security policies.
• Management of Singapore Civil Defence Force IT Security Monitoring and Incident Response team
• Plan, review and overseeing of development of IT Security Operations Centre Roadmap with external consultancy firm
• Establish Security Incident Response Procedures and Incident Playbook
• Enhanced and managed daily operations of existing log management solution for Security monitoring and incident responding use cases.
• Plan and overseeing development of 24/7 ready Operations room for future development and execution of IT Security Operations Centre Roadmap
• IT Security Road Map for Bridgestone Asia Pacific & 13 Regional Group companies
• Did a 5 years short term, midterm and long term security plan & budgeting for Bridgestone Asia Pacific HQ and it’s 13 regional group companies
• Detailed plan includes implementation of regional firewall operation & platform, centralized log management solution, data leakage prevention solution, setting up security operation team & Computer Security Incident Response team.
• Completed planning, design, vendor selection and oversee implementation of centralized log management solution for Singapore.
• Completed planning, design, vendor selection and oversee implementation of regional firewall operation for Singapore
• Completed 5 year budgeting for all security projects in Bridgestone Asia Pacific Region.
• IT Security Policies review/rewrite for Bridgestone Asia Pacific
• Review & rewrite outdated policies for Bridgestone Asia Pacific based on ISO27001 & ISO 27002
• Part of Bridgestone Asia Pacific global security team based on in USA Nashville.
• Working with global security team in Bridgestone Corporation to rewrite Global Security Policy
• Working with each group companies to create Asia Pacific Regional Security Policies
• IT Security Auditing (Audit 12 MINDEF/SAF IT Systems)
• Windows OS Hardening
• Networking Device Auditing
• Server configuration compliance Auditing
• Web application Auditing
• Security Incident Response (Did 3 Cases of Security Incident Responding in MINDEF/SAF)
• Incident Response Skillset
• Basic Forensics
• Pen testing (Involved in 3 Cyber RED/BLUE exercise as part of RED Team)
• Network Pen testing
• Web Application Pen testing
• Microsoft Security Product (SERA) (Advance Analyst as well as part of project development/Deployment team for 2 years)
• Advance Analyst