Peter Chung Email and Phone Number

Led and supported the technical development, implementation, and compliance of the IT security programme for the organisation, including Cloud service and third-party suppliers. Hold direct oversight and governance of all primary internal risks with a predefined target of risk reduction to customer data across the Telefonica O2 estate. Delivers security leadership and stakeholder management across the wider business to ensure clear security guidance for any identified risk or to maximise a service or team’s capability to protect Telefonica O2 from a substantial security breach.• As an advocate of customer privacy, actively supported the business in a variety of security programmes focused on continuous improvement of security and data protection.• Development and implementation of threat analysis processes for internal, Cloud and Supplier services.• Creation, implementation and governance of security principles and best practises which includes: system security hardening, network segregation/segmentation, end user device management, privilege access management, anomaly-based threat detection and NIST Cyber Security Framework.• Stake holder’s management to develop and cultivate senior management security support.• Participate in various Telefonica governance forums to ensure security is at the heart of every business strategy.• Created a highly competent security team to drive security principles and best practises, across internal services and supplier management processes.

Interim assignment responsible for Information Security at Telefonica UK. This interim role is a temporary position with predefined objectives to drive security changes and influence the business in new ways, approaching security as part of the transformation to a digital business. The aim of the role is to implement new methodologies within the current IT/Information Security model to enhance the security team’s capability to manage security risks and deliver measurable effective controls. The security model would drive a risk based approach to identify key threats and attack vectors which could be exploited by a malicious user, and to influence changes when implementing a cyber security strategy. The strategy would focus on getting the fundamentals right, consolidating all security controls to use them more effectively across the business and to align those controls with the overall global strategy.

Information Security manager and Chair of the Technology Security Steering Group, delivering technical security consultancy and Information security governance, in support of the Telefónica UK and European business. Ensuring clear security guidance for any identified risk that could impact, existing or futures services from an application and infrastructure perspective. Thereby, helping to ensure that the appropriate level of security controls and security standards have been identified and implemented, when delivering new and existing services.Main Areas of Focus: •Delivering Security consultancy and information security governance to the UK and European business in relation to the development and implementation of common Information and Technical Security vision and strategy to support the delivery of innovative UK and European solutions, based on cutting edge technologies. •Consulting on the Technical implication and interpretation of the PCI DSS information security requirement, to minimise the potentials impact on the business and to obtain compliance and certification status. •Supporting the development and maintenance of the IT Security Strategy, to ensure that its goals reflect market expectations and the needs of the business in accordance with Telefónica UK’s risk profile and Key threats.•Creation of security principles and best practises that can be implemented in to the foundation of every new T-UK and European service and function. •The maintenance and creation of relevant and appropriate security policies and standards for the UK and European operating businesses. •Vulnerability analysis and Risk management of any identified service or platform threat and to deliver the appropriate controls to manage the identified threat.•Chair the Technology Security Steering Group (TSSG) which delivers technical security standards and policies across the Telefónica European organisation.

Technical security leadership for the global organisation, focusing on security consultancy, governance, and IT forensic investigations. Guiding security best practices and principles to all business units within approximately 35 countries and interfacing closely with all senior leaders to help foster security cooperation, common security principles and centralised reporting throughout all regions. Where security experience was lacking, provide guidance and support to ensure that the appropriate resources can be cultivated to meet the business requirements. • Management of internal security audits on business-critical infrastructure • Support the redesign of reginal Cloud services • Identify and implement new security technologies to help prevent a customer data breach• Liaise with regional C.E.O.s on significant security threats• Deployment of regional security governance and policies • Advise on incident response procedures and escalation handling to all regions• Participate as the security design authority on business-critical security enhancement projects • Support regions to review secure operational procedures and best practises.• Manage investigation activity, including all IT forensic investigations across all regions• Creation of a whistle blowing policy for management awareness and employee protection• Implementation of a Gifts and Conflict database to record potential conflicts of interests and to help prevent potential allegations of employee corruption.

Security Consultant, delivering threat analysis and security best practises to enterprise online hosting services. Focusing on potential or existing customers’ understanding of security, the key threat they could face and the remediation options they should implement to minimise any potential impact to retained data. Key principles were: Assess, Control, Monitor, Respond, Recover.• Implemented penetration testing engagement rules • Supported customers on remediation plans and priority risk reduction activities • Primary contact for internal and external sales teams to help generate new business or to present any proposal to existing customers.• Created and implemented a threat intelligence and impact assessment service for all UK customer base. • Documented all new vulnerabilities and generated a report covering findings and recommendations to be distributed to all UK customers.• Created a highly competent security team to drive security principles and best practises.