An experienced IT audit/compliance man who can multitask under pressure and has worked for multinational companies/Big 4 accounting firm for more than 5 years
Information security training
Design the information security training architecture for the entire group, and associate resources to operate the training plan successfully
Due diligence
Collect and classify the information for the due diligence questions according to the information security framework; lead several internal departments to optimize the process and key milestones of due diligence
BCP drill
Select risk scenarios and assist in organizing the group’s business continuity plan desktop drills
ISO 27001/27701 operation and optimization
1. Perform optimization based on the company's costs according to the actual gap between the organization and ISO 27001/27701 (access control, third-party access restrictions, optimization of log functions, etc.)
2. Organize asset risk assessment, internal audit and training, and pass BSI’s annual review in 2022
System privacy security audit
Understand the flow of customer privacy data based on the data life cycle, and conduct privacy risk audits and optimizations according to the GDPR for the user systems and intermediate systems involved in storing such data
Annual financial IT audit
1. Lead team to perform ITGC testing for the financial systems (including access control, system update control, and system operation control)
2. Understand business scenarios of financial companies, perform system control testing and data analysis (journal entry testing)
Bank technology risk compliance
Carry out technology risk checks for banks according to the compliance requirements announced by China Banking Regulatory Commission.