Information Security Manager

San Antonio, Texas, United States
January 11, 2018


Michael Cheng has more than ** years of experience in information technology and information security. He has intimate knowledge and expertise in various IT areas, such as network & infrastructure, ERP, and cybersecurity.

He has worked with multiple Fortune 500 companies, such as GE, Valero Energy, and BASF, in a number of countries and regions, including the USA, China, the United Kingdom, and the Caribbean.

Experience of establishing both information security and product security frameworks at a global company and obtaining ISO27001 certification.

15 years of experience in ERP SAP Logistics, BI/Business Objects, including business process design, system configuration, data extraction, reporting and so on.

10 years of progressively responsible experience in information security & risk management, with expertise in security control design, risk assessment, data leak prevention, application/product security, security awareness program etc.

Michael has an active CISM certification issued by ISACA. He was also a certified PMP. He is familiar with SANS Top 20 Controls, ISO27001/2, NIST 800-53, PCI DSS, and ITIL standards and frameworks.


GE Aviation (2012 – 2017) … Director of Enterprise Information Security @ AVIAGE

• AVIAGE is a 50/50 GE and AVIC joint venture, founded in 2012; a tier one avionics provider and integrator, providing products to COMAC (C919), Boeing (B787, B777), and other OEMs. AVIAGE has rapidly grown to a globally operated company with offices in China, US, and France.

• Director of Enterprise Information Security (2014 – 2017) – responsible for 1) company information and product security strategy development and execution; 2) security policies and procedures creation and maintenance; 3) enterprise-wide security risk assessment and management; 4) security awareness and engagement programs; 5) security compliance programs (e.g. ISO27001). Major achievements include:

o Established ISO27001 framework and successfully obtained ISO27001:2013 certification.

o Established company-wide information security risk management program. Used a quantitative approach to identify and measure security risks. Established risk-driven information security governance and investment processes.

o Instrumental in employee-centric information security awareness program. Devised cybersecurity threat communication mechanism, including information security KPIs, monthly threat dashboard, 2-minutes reader. Launched employee engagement program, including Data Breach Bounty program, phishing test, human Pen test.

o Following OWASP and other industry best practices, established secure development life cycle for both IT and product development. Implemented static and dynamic vulnerability checks for applications. Established freeware and COTS software management process.

o Developed security compliance programs to meet regulatory, customer, and partner information security requirements. Successfully passed external audits from the ISO certification body DNV and from customers or partners such as COMAC, GE, Airbus.

• Director of IT (2012 – 2013) – responsible for IT strategy, roadmap, and program management. In addition, responsible for IT security strategy, controls, and compliance. Major achievements included:

o Implemented Oracle ERP, PTC Windchill PLM, and other major enterprise business applications.

o Established data center, global network, and other major IT infrastructure.

o Architected IT security controls, including layered and segmented network, administrative account management, information asset management, vulnerability management, Data Loss Prevention (DLP) processes, Splunk SIEM monitoring.

o Established security incident response process and built up Security Operations Center (SOC), including threat monitoring, device log review, incident analysis, and investigation.

Valero Energy (2002 – 2012) … Senior IS Manager for Refining Systems

• Senior IS Manager (2010 – 2012) – responsible for architecting IT strategy, planning IT activities, and managing programs. Major achievements included:

o Designed and implemented solutions to be in compliance with SOX regulatory requirements, such as GRC, 10k commitment disclosure.

o Designed and implemented reliability improvement solution to monitor compressors, pumps, and electrical motors and to reduce their unplanned downtime, using SAP, Historian systems, and big data analytics technologies.

• IS Manager (2005 – 2010) – responsible for collaborating between IT and business, integrating business processes and technologies, and managing large IT projects. Major achievements included:

o Designed and implemented Spend Analysis Dashboard solution to use SAP BW and Business Objects to visualize contract usage, classify spend for upper management and Sourcing to better manage spend.

o Designed Contract Management Enterprise Solution.

• IS Project Manager (2002 – 2005) – responsible for designing ERP solutions and managing projects. Major achievements included:

o Implemented ERP/SAP system at its 15 refineries and corporate.

Modis Solutions (1998 – 2002) … Senior SAP SD/MM Consultant

• Implemented ERP/SAP system at Sempra Energy, San Antonio City Public Services. Responsible for business process analysis, logistics solution design & implementation.

BASF (1994 – 1998) … IT Manager

• Implemented ERP/SAP system.

• Designed and implemented company network. Set up and managed servers. Established and managed perimeter network security.


• CISM – Certified Information Security Manager by ISACA

• PMP – Project Management Professional by PMI

• Knows C, C#, Python, configuration of PA firewall, BC web proxy, F5 VPN gateway, SAP SD/MM, SAP Business Objects


• Shanghai JiaoTong University, April 1994 – Master's Degree in Mechanical Engineering

• Shanghai JiaoTong University, July 1991 – Bachelor's Degree in Mechanical Engineering