• Technical Information Security Advisor focuses on Walmart commerce platforms and emerging tech, growth and revenue tech. As technical leader of security architect and advisor, support architecture maturity for the business, work ahead of validation procedures, blending business and product requirements to ensure secure by design and secure by default, weigh technical risks to quickly identify prudent risks in the context of the business need. • Identifies and implements comprehensive, risk-informed security controls to enable the delivery of secure technology to customers. Proactively identifies technical solutions to lift the security posture of eCommerce.• Recommends updates to architectures to creatively solve problems in a secure manner while minimizing risk to Walmart and customers. Evaluating when exceptions would be applicable and following risk management processes to ensure these are monitored and documented effectively. Collaborate with businesses to advise on secure designs for solutions as they are developed with a primary focus on eCommerce and other platforms.• Utilizes the latest AI/ML knowledge and practical skills to proactively combat emerging cyber threats. Uses AI and ML tools to spot potential security problems faster, respond more effectively to attacks, and improve overall security processes. Protects AI tools from being hacked or misused and ensures AI is used responsibly and safely. Applies AI/ML techniques to improve cybersecurity operations, such as threat detection and incident response. Designs and implements security measures for AI/ML systems to ensure safe deployment in real-world environments. Conducts advanced security testing to identify vulnerabilities in AI/ML applications and systems. Addresses and mitigates AI-specific security challenges, such as adversarial attacks, data poisoning, and model theft. Develops and adheres to governance frameworks, ethical AI guidelines, and compliance standards.

• Research Assistant of Cybersecurity at MIT Sloan (CAMS), focused on the strategic, managerial, and operational issues related to cybersecurity.• MIT Engineering Leadership Program - Graduate Certificate in Technical Leadership• MIT Sloan China Lab Project Sponsor and Host of the “Universal Beijing Resort: Facing the Pandemic Challenges”

• Business and Technology leadership across C-Level teams, led global technology team on China strategy and information governance and risk management, held bi-weekly briefings for global legal and park technology teams on the latest cybersecurity and privacy matters and trends, supporting global initiative across the region.• Effective team leader and coach in strategy planning, motivation, and team dynamic across complex reporting structure. Led information security and compliance team of 14 members with system security, network security, data governance, incident management, service management and compliance reporting, building the cybersecurity practice from scratch in conjunction with Universal Park and Resort’s best practices.• Implemented and operated 12 on-premises and cloud-based (AWS, Azure, Tencent and Alibaba) security platforms by adopting DevSecOps and following agile principles and practices, including NGFW, SIEM, LB, WAF, etc. with a budget of $2,500,000.• Led ISO 27001, SOC, PCI DSS and several MLPS level 3 compliance and certification programs, with an annual budget of $900,000.• Drafted and formulated information security policy framework at 4 levels and built over 50 standards, procedures, and guidelines. Developed and coordinated over 100 sessions of company-wide information security awareness and training programs, covering more than 10,000 staff. • Organized assessments and audits for compliance with China and US Cybersecurity Law, Data Security Law, Personal Information Protection Law, data cross-border regulations, etc., across both back of house functional systems/teams and front of house business facing systems/teams.

• Initiated and managed General Data Protection Regulation (GDPR) compliance projects across Europe and Asia for AliExpress and Alibaba.com, driving GDPR compliance with a cross-function and cross business units’ team of 8 people, a budget of $800,000.• Supported compliance with Southeast Asian cybersecurity and privacy laws and regulations, conducted cross-border data assessments, cybersecurity protection assessments, and privacy policy reviews.• Planned and designed a unified online privacy center for customers to exercise their rights across Alibaba Group, determine the details of product requirements and manage the implementation.• Designed and organized the implementation of the AliExpress and Alibaba.com data subject rights exercise process and provided feedback on privacy policy interpretation and compliance practices. • Evaluated and enhanced privacy and cybersecurity within Alibaba Group business units against industrial standard as ISO 27001, SOC and PCI DSS, prioritized compliance projects, raised awareness among business unit management, and promoted fundamental changes.

• Chaired information security and assurance maturity evaluation and risk management at the country level in 5 East Asian countries and regions (China, Korea, Myanmar, Hong Kong, and Taiwan).• Built and adapted Global Information Service network relevant policies and procedures in China, developed a sustainable information governance structure, with a team of 8 people, 4 offices across China. • Developed effective information-sharing practices and managed access to information resources, accommodated freedom of information requests. • Provided business assurance and risk management consulting in the areas of information and knowledge management, security architecture, access management, data loss prevention, system hardening and penetration testing, and vulnerability management.

• Guided the China Organizational Name Administration Center through the ISO 9000 and ISO 27000 series certification, led the "Government Affairs" and "Public Interest" new generic top-level domains application to Internet Corporation of Assigned Names and Numbers for more than 3 years.• Managed SCOPSR’s IT system procurement, construction, operation, maintenance, audit, and security reinforcement. • Led the project implementation of the Information Systems Classified Security Protection project.• Coordinated as the liaison of Administrative Approval reform (approval items to be canceled and delegated to lower levels) of the Ministry of Civil Affairs, the State Intellectual Property Office, and the State Administration of Grain.• Core contributor to the book The State Council Canceled and Adjusted Administrative Approval Items Directory.• Co-author of the book E-government Development Introduction for the Commission Offices for Public Sector Reform.

• Performed risk-based IT audits and SOX compliance reviews for U.S. public companies, ensuring that IT activities adhere to internal policies, security protocols, and the department or organization is operating in compliance with applicable laws and regulations.• IT Governance Consulting. Led a team of 5 to revise the governance framework, review and refine the operating process, and improve the effectiveness and efficiency of IT governance. • Cyber Security Consulting. Led a team of 4 members to perform risk and security assessment, vulnerability scan, intrusion detection, network sniffer, gap analysis, and IS regulatory compliance evaluation.

• Senior member of Microsoft Technology Club, organizing a series of lectures featuring KaiFu Lee and YaQin Zhang… from Microsoft Research Asia on several university campuses.• Administrator of Microsoft Student Center website, responsible for technology content compiling.• Assistant the organization of Microsoft Imagine Cup 2006-2008 and the Bill Gates Speech at Peking University.