Dae Geun Lee Email and Phone Number

• Conducted a deep-dive assessment and develop strategies against cloud-related compliance requirements in APAC countries (e.g., Australia Hosting Certification Framework, Singapore MAS Guideline on Outsourcing, Singapore Cybersecurity Act, Philippines Data Privacy Act, Korea Electronic Financial Transaction Act, Korea Network Act, Korea Cloud Act, Korea MSIT Information Security Disclosure and Korea Personal Information Protection Act);• Supported regulatory examinations/inspections (e.g., Australian Hosting Certification Framework, Hong Kong Monetary Authority, Bank of Indonesia, Indonesia Otoritas Jasa Keuangan, Korea Financial Supervisory Service and Korea Financial Security Insititute);• Developed/Operated new systematic mechanisms to satisfy compliance requirements in APAC countries (e.g. Australia Hosting Certification Framework, Singapore Cybersecurity Act, Philippines Data Privacy Act and Korea MSIT Information Security Disclosure); and• Engaged the APJ regulators including Monetary Authority of Singapore (MAS) and Financial Services Commission (FSC) to do trainings and advocacy engagements to discuss cloud-related compliance requirements.

Regulatory Compliance Task• Conducted a deep dive assessment against regulatory changes in cloud-related regulations in Korea, which aims to a) provide the feedback paper to the regulatory stakeholders such as responsible regulatory bodies or influencing industrial organizations and b) work closely with internal stakeholders to assess and implement feasible solutions to comply any potential regulatory gaps (e.g., Network Act, Cloud Act, Personal Information Protection Act, Electronic Financial Transaction Act, Act on Prevention of Divulgence and Protection of Industrial Technology);• Developed compliance guidance contents for regulated customers (e.g., whitepaper) and conducted customer-facing compliance sessions (e.g., Seoul Summit); and• Supported engagements with regulatory bodies in various vertical industries including financial and public sectors.Completed Certifications and Inspection• Korea Information Security Management System (K-ISMS) certification (Dec 2017 – Dec 2022)• Korea Financial Security Institute (FSI) Cloud Safety Assessment (Oct 2019 – Dec 2022)• Korea Financial Supervisory Service (FSS) inspection to support the FSI customers’ financial business licenses in Korea (e.g. Electronic Financial Business Operator (EFBO) and MyData business licenses)• Singapore MTCS (Multi-Tiered Cloud Security) certification for Seoul Region (Oct 2018 – May 2019)

Global Information Security/Data Protection Program Assurance• Conducted deep dive assessments and develop strategies against various regulations which could impact the overseas business entities in U.S., EU and China and conducted (e.g., EU-GDPR, China Cybersecurity law, NY Cybersecurity regulations);• Developed Global standard security and compliance framework programs for overseas business entities to self-assess their security and compliance postures;• Supported overseas business entities’ information security and data protection reinforcement programs such as implementing security policies/processes/tools; and• Supported overseas business entities’ information security related audits or/and assessments

IT Security and Compliance Audit Assurance• Supported IBM internal IT audits and deep-dive inspections on IT outsourcing projects across the EU to ensure their operations are aligned with the customer-agreed policies and local regulations (Locations: Denmark, Brazil, Germany, UK, Kenya, France, Italy, Czech and etc); and• Supported the internal readiness assessment for the PwC SSAE 16 and customer auditsGlobal Security Process Architect, IBM Global Process team• Responsible for reviewing and re-designing Global security process to ensure all process controls are designed effectively for capturing potential risks and they are aligned with industry standards.• Provided consulting and education for global process delivery leaders

IT Risk and Compliance Specialist• Worked closely with internal and external stakeholders in IT outsourcing project to implement and execute the customer-agreed security policies;• Managed security/compliance programs and management system (KPIs) to address security risks and gaps across outsourcing projects;• Supported internal/external audits; and• Implemented Identity and Access Management controls (solutions and processes) in Africa entities

I was responsible for implementing information security programs into IBM IT outsourcing projects to satisfy customer's industrial requirement and compliance requirements by regularly validating systems administrators are operating systems in line with customer security policy, providing consultation and education services for customers and IBM employees, leading security solution implementation projects, and supporting various internal and external compliance programs such as ISMS and ISO 27001.• Partnered with customer and supported the project team to implement security programs• Managed security/compliance programs and their management system (metric) to address security risks and gaps across outsourcing projects• Provided consulting and support for internal/external audits• Managed IAM solutions and enabled IAM processes in Africa

I was responsible for researching healthcare industry trends and managing various IT-based marketing communications through social network and company website.

I was working as Computer Emergency Response Team (CERT) for 24/7 to conduct the various security monitoring for IT infrastructure of Republic of Korea Air Force (ROKAF). In addition, I was responsible for operational activities for Operating Systems, DBs, and Network devices such as trouble shooting and backup. • Operated servers, databases and network devices