William Loh Email and Phone Number

As Head of IT Security, my job is to ensuring the bank will be amongst the safest banks and will be seen as a leader in (IT) security. To assist the bank in being successful in IT Risk and IT Security.My role is responsible for securing Wholesale Bank (WB)Tech environments globally. To help to create a cohesive IT Security Strategy, a roadmap for strategy implementation and responsible for delivering security & risk awareness throughout WB Tech.My role also involve supporting all the facets of IT Security with the main focus in managing activities such as:- Security Advisory- Security Architecture and DesignApplication Security and Control ImplementationsIT Security/Risk Assessments, 1st line security challengeAssessments of regulatory guidelines/notices related to IT and Security.- Security OperationsManagement of Security ToolingReporting and monitoring of Key risk itemsIncident response and follow upData leakage/unauthorized data exfiltration monitoring for AsiaSecurity monitoring and Security ScanningKey Control Testing- Security TestingPenetration Testing activities (internal/external).Vulnerability and Patch ManagementDAST/SAST, Configuration review

Singapore University of Technology and Design is founded in 2009, it is the fourth autonomous and public university in Singapore after NUS, NTU and SMU. SUTD has a strong connection and partnership with world top universities. It is established in collaboration with Massachusetts Institute of Technology (MIT) and Zhejiang University. My role as a CISO is to assist CIO & CFO in planning and executes cyber security strategic roadmap, rolling out security technologies to enhance SUTD’s security posture and overseeing the daily security operation of the University.My role comprises the below key job responsibilities:• Strategic planning for IT security investments and technology adoption to maximize effectiveness of IT security controls against rapidly evolving threats• Develop and maintain common standards, methodologies and best practices for security management to ensure IT systems are designed with due consideration for security• Provide consultancy and advice on IT security architecture and design considerations to IT project teams• Manage a comprehensive IT security programme that deliver solutions to address any IT security risks that may impact business operation which may include cloud access control solutions, identity and access management platforms, data protection technologies, anti-malware, vulnerability management, security monitoring and compliance tools.• Ensure security best practices and compliance standards are implemented on network, infrastructure and applications• Liaise with internal and external stakeholders on cyber security issues to keep everyone abreast of expectations, project/issue status and completion timeline• Track and analyze IT security metrics for optimal effectiveness and benchmarking• Participate in various internal, external and international forums on cyber security to keep abreast with cyber security threat landscape and technologies development to address any risk that may impact business.

As trustee of the nation’s retirement savings, the central provident fund (CPF) board helps 3.9 million CPF members save for their retirement, healthcare and housing needs. My role is to assist CISO in planning and executes security strategic roadmap and oversee the security operation of the board. These included providing expertise on security technologies and developing innovative and effective security programme and solutions towards enhancing the resilience of security operations and systems. My role comprises the below key job responsibilities:• Develop key strategic security roadmap, project plans and budget including alignment of people, process and technologies• Develop, manage and track the IT security department’s annual budget for initiatives and training.• Drive security education and awareness programme in the organisation• Collaborate with business partners to identify, prioritize and mitigate information security risks• Devise strategies and implementing comprehensive security solutions to enhance and minimize the risk of cyber-attacks and incidents• Establish risk governance and standards on information security in alignment to regulatory and business requirements• Oversee and ensure smooth delivery of IT security operations and related systems performance and reliability in meeting business needs• Provide direction, guidance and training to IT security staff under my department

Develop security policies, process and procedures to enforce security on systems operating for Singapore '.sg' domain name system (DNS) which is a critical national infrastructure to ensure reliable uninterrupted access to Singapore government, business and public websites, emails and other key internet services to meet the mission of SGNIC and IMDA.

As a key member of the Global Information Security Assessment and Incident Response team, the regional technical information security manager (TISM) is principally responsible for ensuring the regional offices are consistently adheres to its technology security policies and best practices through the implementation of innovative solution and use of technical security risk assessment tools to perform assessment. The TISM works closely with a wide range of audiences, which include CIO, CISO, Global compliance officers, Legal, HR and IT department’s experts to assess and ensure superior security controls remain effective at protecting millions in revenue generating capability application and systems.Access Control:• Maintain an access provisioning architecture and plan. Work with business users to come up with access control methodologies, e.g single sign on, etc.• Identity lifecycle management. Making sure that access to applications is added/modified/deleted as required in a timely manner with audit log for future audit review.• Password policy management including complexities, ageing, history, etc. • IT Audits preparation review to ensure all approvals/documentation are updated.IT Perimeter Security:• Performed vulnerability assessment and penetration testing on Internet facing systems.• Conducted server hardening with GPO modifications and scored against Symantec CCS tool.Disaster recovery planning:• Represent access provisioning team in the disaster recovery parallel testing.• Ensuring that elevated access is documented and approved for disaster recovery requirements. Operations Security:• Responsible for daily operational support of access provisioning related systems, including AD, LDAP, Exchange, AS400, Unix Servers (HP/SUN/AIX/Linux).• Focus on operational process enhancements and automation to improve the user experience. Risk Management:• Provide General Computing Controls and Logical Access Control Design advices.

• Manages a team that oversees the day-to-day operations and effectiveness of assigned security technology and programs.• Manages resources that enables security control effectiveness with a team and technology• Monitor trends and continuously assesses staff/security system capabilities to meet business demands.• Leads in policy development, audit mitigation, and other tasks related to securing and maintaining the operational health of the infrastructure. Evaluates security systems, teams and processes to provide recommendations to maintain continuity and operational health.• Documents and revises procedures and playbooks for teams, processes and technology to provide a standard security practice and increase team effectiveness.Access Control: • Creating/Modifying/Deleting users' access to various applications in compliance with the organizations policies and approval chain.• Carry out quarterly audit review based upon IT security policy by picking up sample requests and verifying approval chain and track mitigation status on compliance issues.• Responsible for ID/Access lifecycle management.• Communication via Email to end user post ID creation/modification/deletion and address remnant issues.Operations Security:• Reviewing/editing/updating corporate knowledge base pertaining to ID administration.• Train helpdesk individuals pertaining to calls based on ID administration/Data security issues.• Participated in change control board meetings to consult/assist in approval for RFCs.• Member of the SOC team. Identify, escalate, and respond to security incidents. Risk Management:• Assist in development of ID/password policies.• Participate in formulating security awareness training.