From IT operations to risk governance
I am a Business Information Security Officer (BISO) working in cybersecurity governance, risk, and compliance (GRC) for a global, APAC-regulated financial institution. My day-to-day sits at the intersection of regulatory expectation, operational risk, and technology change — translating frameworks such as ACSC Essential Eight, APRA CPS 234, and ISO 27001 into practical control programs that reduce risk without paralyzing the business.
My career path has been deliberate. I started as a business continuity intern, then moved into IT support, followed by first-line operational risk, before stepping into BISO / GRC. That progression means I understand the pressure on control owners, the language of regulators, and the reality of implementation in large, complex organizations.
I am particularly interested in automation-led GRC: using Power BI, Power Automate, VBA, and SQL to reduce manual assurance effort, improve control visibility, and give executives faster, better evidence. I also contribute to AI risk governance, helping shape how a regulated bank evaluates and oversees AI use cases.
Outside of work, I am a Mandarin and Cantonese speaker with experience working across APAC and global stakeholder groups. I was recognized as Employee of the Year 2025 and selected for both global and regional talent programmes.
Career path
-
Business Continuity Intern
Financial services
Coordinated Business Impact Analysis across business lines and developed a BIA user manual to reduce repetitive training.
-
IT Help Desk Analyst
Financial services
Provided IT hardware and software support to internal users, resolving issues quickly and improving employee satisfaction.
-
Operational Risk Control Officer (LoD 1)
Global bank
Coordinated RCSA and first-line control tests, tracked incidents, followed up audit findings, and produced operational risk reports for executives.
-
Business Information Security Officer (GRC)
APAC-regulated financial institution
Lead local cybersecurity GRC topics including security risk management, cyber hygiene, ACSC Essential Eight alignment, AI risk gap analysis, and application security reviews.