Lead and advise Governance, Risk and Assurance matters and customers engagement across Asia region

▪ Ensure information security strategy, risk appetite, policies and action plans are formulated/ implemented based on AIA Group and relevant MAS Technology Risk Management Guidelines, Outsourcing Guidelines etc.▪ Maintain an understanding of emerging technology, technology trends and related risks. Assess the impact on the business environment and align appropriate mitigation actions or the prioritization of projects and investments▪ Ensure continuous improvement processes and adopting innovations for information security measures and assurance ▪ Monitor and maintain system confidentiality, integrity and availability and manage information security crisis/incidents▪ Promote appropriate culture, awareness and organizational change for well balanced information security practices across companies and agencies.

▪ Provide leadership for the Ministry and its agencies within the information security sphere through development of appropriate cyber security strategies and tactical plans.▪ Formulate information security goals and establish policies, standards and procedures inline with whole-of-government cyber security directions▪ Develop the culture of appropriate cyber security & data risk assessment and risk acceptance across from stake holders to end users and ICT professionals▪ Ensure cyber and data security compliance to whole-of-government policies and standards▪ Review,endorse and align information security and develop risk management and mitigation plans▪ Advise management on the appropriate cyber security solutions and technologies to be deployed▪ Align IT needs with the strategic cyber security direction of whole-of-government▪ Obtain executive support for information security and awareness programs. ▪ Implement change management and project management process to keep up with evolving cyber threat landscape

▪ Primary contact point for Information Security, Data Governance, Risk & Compliance (GRC) for regional senior leadership team▪ Responsible for planning, developing, and leading Wartsila APAC and industry partners cyber maturity towards regulatory requirements (IMO 2021, GDPR, PDPA etc.).▪ Proactively ensure the completion of from audits & compliance findings and advises country management on the correction actions.▪ Maintains and enhances the cybersecurity & data governance framework, agile methodology, and guidance and training initiatives.▪ Overall in-charge for International Maritime Cyber Centre of Excellence (IMCCE) – comprising of Cyber Threat Intelligence & Incident Response Centre, Cyber Physical Laboratory and Cyber Academy Centre.

• Responsible for planning, developing, and leading the IT audit teams in executing of assurance procedures and reporting on IT & Data Governance, Risk and Regulatory Compliance across 9 countries.• Understands and implements the three-lines of defense risk management framework (GRC).• Prepares informative reports for Group Exco and Group Audit Committees.• Establishes positive relationships with senior IT and business stakeholders so that Internal Audit is the first to be called about control issues.• Maintains and enhances the audit universe, methodology, and guidance and training initiatives.• Design, development, and maintenance of comprehensive risk-based IT & Data audit plans across all countries.• Devise (based on risk exposure and trend) and monitors the progress of the IT audit plan of all countries and guide/mentor IT auditors in country to make sure plans are completed in a collaborative manner.• Proactively monitors the completion of corrective audit actions and, as necessary, advises management and IT teams of past due actions.

Responsible for leading the entire cybersecurity advisory team in PwC to deliver state-of-art advisories, risk assurance services across Cybersecurity, Information Security Management System (IISO27001/2), Personal Data Protection Acts (GDPR, PDPA), Business Continuity Management Systems (BCM SS540), PCI DSS, COBIT etc.

• Responsible to drive Technology & Data Governance, Risk Management framework, IT standards/policies and its compliance across Asia• Responsible to drive IT Security Strategy, Programme & Trainings across 8 countries.• Responsible for leading the Regional Computer Security Incident Handling Team (CSIRT).• Responsible for security review and solution evaluation on several projects (i.e. privacy impact assessment, mobile device, Data Loss Prevention, Outsourcing, Cloud computing & etc.) and advise security controls build into the solution to comply with local regulation and privacy acts.• Liaison person for Internal/External/Regulatory/IT Audits and ensure its mitigation to completion.• Vendor Management/Evaluation for Security Services.

• Responsible for establishing Group Technology Risk Management framework, Information Security Standards/Policies (IS027001/2) compliance checks (based on OCBC) across GE Group.• Part of the Policies/Standard Deviation Committee for OCBC bank.• Responsible to drive data privacy and protection policies & controls across 5 countries.• Responsible to drive security compliance checks/audits across 5 countries.• Responsible to drive Security Awareness/Training across 5 countries.• Liaison person for Internal/External/Regulatory IT Audits and ensure its mitigation completion.

• Build up Integrated Assurance team across 14 countries in APJ on first year.• Act as an APJ senior level escalation point on security & compliance matters.• Develop APJ security strategies aligning to business and IT strategies• Ensure that APJ business effectively apply appropriate security and quality controls complying with global standards and regulations (ISO27001, Sarbanes Oxley, EU Data Privacy, FDA etc.)• Lead internal and external (Sarbanes Oxley, ISO27001, GxP, FDA) audits.• Drive IT Security & Compliance training/awareness programs across APJ• Drive regional security incident management and regional risk reporting framework and present high risks issue and mitigation to APJ Management.• Oversee the development, implementation and maintenance of global IT Risk framework, security standards/policies across the region.• Accountable for security and risk management processes across IT organizations in APJ• Global SOC evaluation committee

• Responsible to roll out Risk Management Framework (COBIT - SOX compliant) across APAC region.• Plan Information Security Strategy, Programs, Awareness Training for Singapore/Hong Kong/UAE• Ensure all internal policies and procedures and external requirements are met across APAC regions to protect the business and the Group's position and reputation• Oversee Business Impact Analysis/Full Risk Assessments (i.e. System/Network Architecture, Information Flow review & etc) to identify gaps and propose countermeasures to minimize all IT Risks for all IT projects to Senior Management• Oversee and monitor the Singapore/Hong Kong/Malaysia/UAE operation to ensure that appropriate systems and controls are in place and maintained• Drive Business Continuity Planning/Disaster Recovery programs for Singapore/Hong Kong/Malaysia/ UAE.• Liaison person for Security Audit with Internal Auditor/External Auditor and Regulatory Auditors (HKMA, MAS IBTRM, Bank Nigera Malaysia & etc)• Vendor Management on Security Services/Operations.

• Provide security architecture advisory, security review & security consultation to customers from various sectors (Banking/Finance/Insurance Government Linked Companies & etc).• Responsible for devising proof-of-concepts and mock up solutions for customer's evaluation.• Work closely with Sales team to come out contract-winning solutions for closed or open tenders.• Ensure smooth project transition from Pre-Sale to Post-Sale team.

• Implement ISO27001 Information Security Framework for SMRT.• Develop security strategy, security roadmap towards ISO27001 compliant.• Drive security projects according to security roadmap via closed and open tenders.• Embed risk assessment into IT Lifecycle.• Establish security threat management (patch management/AV management)• Establish and manage Incident handling management framework across 99 remote sites.• Perform security audits, vulnerability assessments and penetration tests.• Drive Bi-Yearly Security Awareness Training (56 trainers to champion awareness to 2000 SMRT staff) and Bi-monthly security corporate articles.

• Manage cybersecurity for MFA's consulates over 36 countries• Conduct Security Testing/Vulnerability Assessment/Penetration Test• Conduct Risk Assessment/BIA in IT projects• Perform Security Exploit Analysis & Escalation• Perform Security Project POCs and Deployments• Manage Anti-virus Server Administration/Firewall Administration IDS Administration• Perform OS/Router Hardening• Conduct Security Incident Handling (Threat Containment, Evidence gathering for ISD investigation)

• Leading IT Development team and Infrastructure team• Spearhead all E-Commerce (B2B/B2C) Development and ensure secure SDLC embedment• Responsible for Security/DRP/BCP policies management to align with UBS's management risk appetite.• Manage all Security Testing/Audit, Vulnerability Assessment & Patch management