AeroLeads people directory · profile

David Cheng Email & Phone Number

Director - Internal Audit for IT Infrastructure and Cybersecurity and Regulatory Issue Validation at MUFG
Location: New York, United States 9 work roles 3 schools
1 work email found @us.mufg.jp LinkedIn matched
✓ Verified Jul 2026 4 data sources Profile completeness 100%

Contact Signals · 1 work email

Work email t****@us.mufg.jp
LinkedIn Profile matched
3 free lookups remaining · No credit card
Current company
Role
Director - Internal Audit for IT Infrastructure and Cybersecurity and Regulatory Issue Validation
Location
New York, United States
Company size

Who is David Cheng? Overview

A concise factual answer block for searchers comparing this professional profile.

Quick answer

David Cheng is listed as Director - Internal Audit for IT Infrastructure and Cybersecurity and Regulatory Issue Validation at MUFG, a with 85 employees, based in New York, United States. AeroLeads shows a work email signal at us.mufg.jp and a matched LinkedIn profile for David Cheng.

David Cheng previously worked as Director - Internal Audit for IT Infrastructure / Cybersecurity / Regulatory Issue Validation at Mufg and Director - IAM Control and Governance Officer at Mufg. David Cheng holds Mba, Investment Management from Pace University - Lubin School Of Business.

Company email context

Email format at MUFG

This section adds company-level context without repeating David Cheng's masked contact details.

*@us.mufg.jp
68% confidence

AeroLeads found 1 current-domain work email signal for David Cheng. Compare company email patterns before reaching out.

Profile bio

About David Cheng

Strategic and results-driven professional with over 14+ years of experience in global technology infrastructure audit, specializing in Cybersecurity, Identity & Access Management, IT System Design/Architecture, Regulatory Compliance, Issue Management, and Risk Assessment Frameworks. Proven success in leading large-scale global Cybersecurity and IT audits, demonstrating expertise in risk assessment, compliance measurement, and comprehensive IT audit methodology/lifecycle management.IT Audit Experience:- Executed impactful audits, evaluations, and design implementations for IT systems, leveraging a unique blend of engineering expertise and insights from both the First and Third Lines of Defense.- Proficient in navigating with FFIEC, OCC, HIPAA, Sarbanes-Oxley (SOx), SOC, COBiT, ISO, NIST, and other global regulations and compliance frameworks specific to Information Technology and Cybersecurity within Financial Services industries.Technical Skills and Expertise:- Over 7 years of hands-on experience in Identity & Access Management (IAM), IT system architecture, systems design, network security, and system implementations.- Demonstrated proficiency in IAM controls, Architecture, and Technology Governance Processes, contributing to the enhancement of overall security postures.As a forward-thinking professional, I bring a wealth of technical skills and knowledge to drive excellence in the fields of Cybersecurity, IT audit, Artificial Intelligent and Identity & Access Management. My commitment to staying abreast of evolving regulations and compliance frameworks ensures that organizations I work with maintain the highest standards of information security and technology governance.

Listed skills include Information Security, Data Center, Network Security, Infrastructure, and 46 others.

Current workplace

David Cheng's current company

Company context helps verify the profile and gives searchers a useful next step.

MUFG
Mufg
Director - Internal Audit for IT Infrastructure and Cybersecurity and Regulatory Issue Validation
New York, NY, US
Employees
85
AeroLeads page
9 roles

David Cheng work experience

A career timeline built from the work history available for this profile.

Director - Internal Audit For It Infrastructure And Cybersecurity And Regulatory Issue Validation

New York, Ny, Us

Director - Internal Audit For It Infrastructure / Cybersecurity / Regulatory Issue Validation

Current

Chiyoda-Ku, Tokyo, Jp

Manage and execute Technology Infrastructure and Cybersecurity audits for a leading global financial services bank. Areas audited include IAM, Cybersecurity Framework (FFIEC), 3rd Party Risk Management, Internal/Cloud Network, Databases, Operating Systems, Data Leakage Prevention, and Regulatory Issue/MRA RemediationValidations.● Manage, plan and execute US-Based technology infrastructure and cybersecurity audits to meet regulation requirements.● Validate Regulatory related issues..● Provided continuous audit coverage over new initiatives such as Cloud infrastructure, IAM Control redesign, and Privileged Access Management

May 2019 - Present

Director - Iam Control And Governance Officer

Chiyoda-Ku, Tokyo, Jp

Manage the US team in Controls & Governance for Identity Access Management (IAM) in Enterprise Information Security (EIS) of MUFG Union Bank, N.A. Areas of responsibility included: managing all internal/external/regulatory audit responses for IAM, managing and executing SOx 404 IT Control remediation program, defining IAM policy/standards, establishing IAM internal controls, managing and tracking IAM related issues/action plans for timely remediation, and executing RCSA assessments.● Interact and respond to all internal, external (SOx 404 and SSAE 16/18) and regulatory audits and information inquiries● Manage and execute SOx 404 IT Control remediation program● Interact with 1st line (FLoD) and 2nd line (SLoD) of defenses to define IAM policy/standards● Establish IAM controls and processes for access certification, access requests, role/attributed based access (RBAC/ABAC), privileged access, and segregation of duty● Manage, track and resolve IAM internally identified and audit/regulatory related control issues● Establish an IAM policy and standard● Establish an IAM Governance program to continuously monitor and measure IAM policy compliance● Execute and report IAM Risk and Control Self Assessment (RCSA) program● Provide Control Guidance and SME for IAM Project - Cloud Transformation, AWS, Privileged Access, GRC for IAM Control

Jul 2016 - Apr 2019

Member Board Of Directors

Current

A member of ISACA New Jersey Chapter Board of Directors - ISACA New Jersey Chapter is dedicated to enriching the lives of our members by providing them programming, content, and events that furthers their career. #isaca #njisaca

Jul 2022 - Present

Board Of Visitors For The College Of Science And Liberal Arts At Njit

Newark, Nj, Us

Board advisors to the College of Science and Liberal Arts

Oct 2015 - Feb 2020

Vp - Iam Control And Governance For Central Technology

New York, Ny, Us

Managed a global team in Controls & Governance for Identity Access Management (IAM) within Corporate Technology & Risk (CTR) in JPMC. Areas of responsibility included: managing all internal and external audit responses, managing and executing CTR’s SOx program and testing, managing and tracking IAM related issues/action plans for timely remediation, and executing RCSA assessment.● Interacted and responded to all internal, external (SOx and SSAE16) and regulatory audit interaction and information inquiries● Managed and executed SOx Program for CTR applications and infrastructure● Executed and reported SOx management testing● Managed, tracked and resolved IAM related control issues● Managed project scopes, budgets, and documentation to assess overall risk of findings related to audit, and regulatory requirements.● Established an IAM Governance program to ensure appropriate visibility, communication, and governance across key business partners and stakeholders.● Provided continuous assessment and metrics coverage over new initiatives such as access recertification process, IAM engineering redesign of tools and process, and SOX/SSAE 16 testing automation.

Apr 2014 - Jul 2016

Vp - Internal Audit For Technology Infrastructure And Information Security

New York, New York, Us

Co-leaded a global team in planning and conducting global technology infrastructure audits. Areas audited include: Global Technology Infrastructure (GTI), Information Security, applications, databases, network, remote access, access administration / recertification, firewall administration / configuration, network attached storage, endpoint security, directory services, Email infrastructure, BCP, 3rd party vendor management, virtual server and desktop infrastructure, and other global locations.● Co-leaded a team of staff auditors to perform global audits - providing mentoring, performance review and career development.● Conducted large scale global IT Infrastructure audits (~10 to 15 audits per year) – Operating Systems, Virtualization, Networks, Email / IM platforms, Information Security (FFIEC and ISO 27001/27002), ITGC, Systems Resilience/Business Continuity Plan, SDLC, Change Management and Vendor Management● Interacted with external auditors during examinations (SOx and SAS70 / SSAE16).● Conducted post remediation reviews to verify risk mitigation and control compliance.● Used database and data analytic skill for systematic and large scale data intensive audits.• Infrastructure Skills:•• Systems || Microsoft Active Directory, MS Windows, UNIX (Solaris and AIX) and Linux servers•• Virtualizations || VMware ESX, VI3 and VDI•• Networks and Remote Access || CheckPoint Firewall, Cisco PIX Firewall, Cisco VPN, EMC SAN, NetApp, Citrix, Cisco Call Manager, Microsoft Exchange, Microsoft LCS, Email Retention and Email Surveillance•• Information Security || Penetration Test, Vulnerability Scanning (Qualys), Intrusion Detection, Vendor Management, Data Leakage Prevention and Security Incident ResponseBCP Data Center Design and Resiliency, BCP IT and People Recovery, Data Backup, Systems Resiliency and Crisis Management•• Database || MS SQL and Oracle•• Application/SDLC || SDLC, Software Version Control and Change Management

Nov 2004 - Apr 2014

It Architect

New York, Ny, Us

Solution research, design and implementation:• Design, research and implementation for internal KPMG LLP IT Solution.• Provide technical subject matter expertise to other internal KPMG LLP areas, such as Microsoft, Citrix, Cisco, and Remote Access Technology.• Setting KPMG LLP Internal Infrastructure Standard.• Aligning Business requirement with suitable IT technology.• Experienced with the following technology design and implementation:• Windows 2003, Windows 2000 / Active Directory / DNS / DHCP / AD Security and Group Policy.•••• Citrix MetaFrame XP FR3 and Web Interface.•• Microsoft Network Load Balancing.•••• Storage Area Network (SAN with HP and Apple Xserve).•••• Wireless LAN using Cisco and RADIUS authentications.•••• HP Server Hardware (DL / ML / BL Servers)•••• Blade Server (HP) for server consideration•••• HP RDP for remote server deployment•••• SQL 7.0 and SQL 2000 Databases•••• VMware•••• Linux (Red Hat)•••• Wireless Secure Email (RIM Blackberry and Good Technology)•••• IP-enable KVM•••• Patch Management (PatchLink and HfNetChk)High Level Design Project:•••• Citrix MetaFrame XP FR3 design for outsource environment.•••• Pervasive Digital Right Management Research.•••• Redundant Funk RADIUS implementation.•••• Automatic Patch Management Solution using PatchLink and HfNetChk.•••• Remote and Multi-level Analog and IP-enable KVM solution.•••• Linux integration with Microsoft Active Directory.•••• Blade Server for Server standardization and Remote Deployment.•••• Wireless Secure Email integration (RIM Blackberry and Good Technology)

Mar 2003 - Nov 2004

It Manager

Denver, Colorado, Us

Corporate Network Security:• Define the Corporate Network Security and E-mail policies, including Network Perimeter Security, LAN/WAN Security, Remote Access, and Encryption policies.Infrastructure Design:• Lead in evaluation, recommendation, budgetary presentation and research for the requirement for IT infrastructure needs within the Enterprise Service group. (Major Projects include: Global Network Design, NT/2000 site design, security architecture and other IT projects.)Definition of Enterprise IT Technical Direction:• Evaluate key technologies and provide recommendations for adoption priorities and plans to the Chief Information Officer.• Establish prioritization and the evaluation of new technologies for incorporation.Enterprise Architecture Planning:• Align Business Goals with IT initiatives using Zachman Framework for Enterprise Architecture Planning.• Develop overall architectural model for future IT/Business development, process improvement and future IT technical direction.Merger and Acquisition Activity:• Participate in evaluation, recommendation and planning for integration of IT for company merger and acquisition activities through business/IT systems, business process analysis and data modeling.

Apr 1998 - Feb 2003
3 education records

David Cheng education

Mba, Investment Management

Pace University - Lubin School Of Business

Msc, Computer Science

University Of South Florida

Bsc, Biology - Biotechnology

University Of South Florida
FAQ

Frequently asked questions about David Cheng

Quick answers generated from the profile data available on this page.

What company does David Cheng work for?

David Cheng works for MUFG.

What is David Cheng's role at MUFG?

David Cheng is listed as Director - Internal Audit for IT Infrastructure and Cybersecurity and Regulatory Issue Validation at MUFG.

What is David Cheng's email address?

AeroLeads has found 1 work email signal at @us.mufg.jp for David Cheng at MUFG.

Where is David Cheng based?

David Cheng is based in New York, United States while working with MUFG.

What companies has David Cheng worked for?

David Cheng has worked for Mufg, Isaca New Jersey Chapter, New Jersey Institute Of Technology, Jpmorgan Chase & Co., and Goldman Sachs.

How can I contact David Cheng?

You can use AeroLeads to view verified contact signals for David Cheng at MUFG, including work email, phone, and LinkedIn data when available.

What schools did David Cheng attend?

David Cheng holds Mba, Investment Management from Pace University - Lubin School Of Business.

What skills is David Cheng known for?

David Cheng is listed with skills including Information Security, Data Center, Network Security, Infrastructure, Virtualization, Integration, It Audit, and Vmware.

Find 750M verified contacts

Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.