Hua Jun Yong

Information Security Manager
Banting

Summary

Experienced Information Security Manager at Capital A Group, with a proven track record of leading PCI DSS and ISO 27001 compliance for over 11 years. Proficient in a wide range of skills, regulatory requirements, and the best industry standards, including IT SOX, CIS, SOC 2, PDPA, GDPR, ITIL, Cloud Security, Windows Server, and SUSE Linux.

With extensive experience in IT, cyber, and information security, excel at helping organizations achieve security and compliance requirements, enhancing their resilience against cyber threats. Have successfully guided organizations toward PCI DSS, ISO 27001, and SOC 2 Type 2 compliance, demonstrating ability to drive impactful security initiatives.

Driven by a curiosity for uncovering hidden patterns and a passion for leveraging the latest cybersecurity frameworks and technology to solve real-world problems, thrive in dynamic environments where innovation and creativity are encouraged.

Overview

12 years of professional experience
5 years of post-secondary education
22 Certifications

Work History

Information Security Manager

AirAsia
03.2024 - Current
  • Qualified as Certified Payment Industry Security Implementer through exam administered by SISA Institute in May 2024

Information Security Assistant Manager

AirAsia
04.2023 - 02.2024
  • Made CISO's life easier by assisting in managing and assigning tasks and projects across team.
  • Enhanced my organization's resilience against cyber threats.
  • Mentored junior security staff members to develop strong and skilled information security team within organization.
  • Hold certification as CQI and IRCA Certified ISO/IEC 27001:2022 Lead Auditor.

Senior Information Security Advisor

AirAsia
06.2019 - 03.2023
  • Managed PCI DSS project for over 4 years for organization
  • Involved from initiation, planning (timeline and resources), execution, monitoring, control, and PCI DSS audits
  • Presented progress reports in weekly management meetings to ensure that project met management expectations.
  • Actively identified and assessed new cloud infrastructure, applications, and APIs that may fall within PCI DSS scope to ensure compliance status.
  • Performed ASV scanning using Nessus Tenable, analyzed and provided scanning reports
  • Proposed solutions for findings and assisted respective teams with vulnerability remediation.
  • Performed information security assessments at beginning of design and development phase
  • Oversaw IT project in each of the controls and areas, including documentation, user access control, data management, log management, vulnerability assessment and penetration testing.
  • Managed IT and Information Security risk exception.
  • Established and reviewed group Information Security policies for PCI DSS and ISO27001.
  • Involved in requests for proposal and third-party risk assessments.
  • Performed IT general control and an ISO 27001 gap assessment for the organization's entities.
  • Advised and coordinated resolution of risk and compliance issues for entities across Asia by working with relevant departments.
  • Engaged in internal, external, PCI DSS, and ISO27001 audits
  • Anticipated any potential risks in the upcoming audits.
  • Prepared information security awareness and secure coding training content and materials
  • Conducted awareness training program within the organization.
  • Served as a mentor for Cybersecurity students at the AirAsia academy.

IT Security Compliance Team Lead

IBM Client Innovation Centre Malaysia
03.2016 - 06.2019
  • Team lead of the department, leading the team to perform server hardening, risk assessment, vulnerability management and compliance
  • Managed task/scope and distributed to each agent, then planned and monitored progress with KPI tracker
  • Presented in weekly management meetings to report work progress and ensure client expectations were met.
  • Advised and coordinated risk & compliance issue to the related department within IBM and ABN AMRO bank, as the case may be, for customer security policy review, vulnerability scanning tool (BigFix), server status (Decommission/Production), and audit.
  • Process owner to review whole risk assessment process to improve team efficiency.
  • Solved server hardening incident request from client, according to SLA and target date in ticketing system (Service Now and CIRATS).
  • Prepared evidence and performed secondary control for server hardening and vulnerability management.
  • Engaged in internal (ISO 9001:2015) and external IT audit (Wintel, AIX, Linux, Solaris, Storage, Mainframe, IIS, APA, SSH, SUDO, Samba, Oracle, DB2, etc.).
  • Tester for IBM BigFix in development and migration process.
  • Improved server hardening process, increased efficiency and saved cost for IBM
  • Due to the increase in efficiency, we managed to take on more work (server hardening scope increased from 4000 to 11000 systems) and two new roles (IT Security Coordinator and exception management) in the team with the same workforce.
  • Certified ITIL V3 Foundation.

IT Executive

02.2014 - 03.2016
  • Managed Windows Server 2003 R2 and 2012 R2
  • Involved in Windows patching, software & hardware RAID installation/configuration/recovery.
  • Installed Windows 2003 and 2012 R2 domain controllers, established new domain and managed Active Directory
  • Involved in user creation, deletion, user access permission and periodical access review
  • Configured external domain trust, allowed users from trusted domain to access services in trusting domain.
  • Symantec Antivirus and Backup Exec Server/PC installation, configuration and job automation
  • Syslog, event logs, daily backup status monitoring and analysis
  • Periodically tested backup recovery, managed server data storage and capacity to ensure data availability.
  • Desktop/Laptop Windows OS installation, configuration and problem troubleshooting
  • Configured MS Exchange server email on Outlook, IT support for Microsoft Office suites, accounting software (MYOB), photocopiers/printers and smart devices (all kinds of smartphones and tablets) for users.
  • Managed network equipment (switch, router, modem, firewall) in organization
  • Configured TCP/IP, DNS and static IP address for router and server/PC
  • Monitored company network connection status to ensure WLAN, LAN and internet service are available for daily operation.
  • Installed IIS (Internet Information Server) and MS SQL server in Windows 2012 R2 for purpose of SharePoint and intranet implementation and publishing.
  • Participated in two courses in 2015, Novell Certified Linux Administrator 11 and Microsoft Excel Intermediate.
  • Helped to set up internal and external network in warehouse, to establish shared folder, and link each PC to private printer for convenience of workers in warehouse to increase work efficiency.

IT Governance Analyst

AMD
02.2013 - 02.2014
  • Control performer of IT compliance at AMD. Performed IT SOX controls on a daily, monthly, quarterly and semi-annual basis
  • Included controls are IT Network Security, User Access Application, User Access Infrastructure, Data Storage Management and vulnerability assessment.
  • Analyzed to ensure application/system user access are updated, reviewed and compliant to group IT security policy.
  • Managed, collected and saved evidence for audit purposes.
  • Served as consultant to other departments from compliance perspective to assist them in their daily tasks to ensure all processes are compliant.
  • Experienced in IT Audit, IT Security and software applications including SAP GRC, SharePoint, Microsoft Excel, Microsoft Word
  • Excellent oral and email written communication skills and knowledge of information technology.
  • Managed to assist and work with infrastructure, application and information security teams in IT controls, such as server deploy, upgrade, patching maintenance, network vulnerabilities assessment and remediation to ensure implementation schedules are met and compliant.
  • Engaged in internal IT audit and assisted team lead in audit.
  • Worked with process owner for process improvement to enhance efficiency in work.

IT Trainee

Business Quest Dot Com SDN. BHD.
03.2012 - 06.2012
  • Ubuntu Linux server (virtualization), network installation and configuration.
  • Website development and maintenance.
  • Worked closely with supervisor and customers, to utilize relationships to ensure that server/system/product installation, configuration and implementation schedules are met.

Education

Bachelor's degree - Computer Software Engineering

Multimedia University
Cyberjaya, Malaysia
01.2008 - 04.2013

Skills

Certified CQI, IRCA, ISO/IEC 27001:2022 Lead Auditor

Certified Payment Industry Security Implementer

Certified ITIL Foundation

Certified SUSE LINUX Administrator 11

Cybersecurity Strategy

ISO27001, PCI DSS, SOC 2, IT SOX

Information Security Management

Security Risk Assessment

Security Awareness Training

Security Policy Development

Vulnerability Assessment & Management

Security Compliance Management

Secure Coding Practices

Incident Response

Threat Intelligence

Windows and Linux Server Management

ITIL

Microsoft Excel

Certification

CISSP Cert Prep: 1 Security and Risk Management - LinkedIn

CISSP Cert Prep: The Basics - LinkedIn
Information Security: Context and Introduction - University of London & Royal Holloway, University of London
CISSP Cert Prep: 2 Asset Security - LinkedIn
CISSP Cert Prep: 3 Security Architecture and Engineering - LinkedIn
CISM Cert Prep: 4 Information Security Incident Management - LinkedIn
CISSP Cert Prep: 5 Identity and Access Management - LinkedIn
ITIL Foundation Level - AXELOS Global Best Practice
CISM Cert Prep: 2 Information Risk Management - LinkedIn
CISSP Cert Prep: 4 Communication and Network Security (2018) - LinkedIn
CISSP Cert Prep: 6 Security Assessment and Testing (2018) - LinkedIn
CISSP Cert Prep: 7 Security Operations (2018) - LinkedIn
CISSP Cert Prep (2021): 8 Software Development Security - LinkedIn
CISSP Cert Prep (2021): 1 Security and Risk Management - LinkedIn
CISSP Cert Prep (2021): 2 Asset Security - LinkedIn
Learning Secure Payments and PCI - LinkedIn
Learning GDPR - LinkedIn
Privacy by Design: Data Classification - LinkedIn
Learning Security Metrics - LinkedIn
Certified Information Security Manager (CISM) Cert Prep (2022): 1 Information Security Governance - LinkedIn
CQI AND IRCA CERTIFIED ISO/IEC 27001:2022 LEAD AUDITOR - BSI ENR-01366086
SUSE LINUX Administrator 11 - Novell MY1201152044LA