Open to opportunities

Christy Tang

@christytang

Message

Experienced cybersecurity and risk management professional with global expertise.

United Kingdom

Message

What I'm looking for

I am looking for a role that allows me to leverage my extensive cybersecurity experience while fostering a culture of compliance and risk awareness within an innovative organization.

I am an insightful and results-driven Information and Cybersecurity professional with over 20 years of global experience. My career has been dedicated to directing IT security initiatives, driving operational resilience, and aligning security practices with business objectives. I have extensive expertise in various regulatory frameworks, including ISO27001, COBIT, and GDPR, and I am recognized for leading high-stakes projects that enhance security frameworks to mitigate financial crime risks.

Throughout my career, I have developed a comprehensive global Security Control Matrix and successfully implemented risk controls for numerous high-risk projects. My hands-on approach has allowed me to support Risk and Resiliency tools for Business Continuity and Risk Management effectively. I thrive in collaborative environments, partnering with business units to create and review Business Continuity Management documentation while promoting the adoption of innovative cybersecurity training initiatives.

My commitment to continuous improvement and excellence in cybersecurity governance has been a driving force in my career. I am passionate about leveraging my skills to enhance security architectures and operational resilience, ensuring that organizations can navigate the complexities of today's digital landscape.

Experience

Work history, roles, and key accomplishments

Senior Risk Analyst

SHI Corporation UK

Mar 2023 - Oct 2023 (7 months)

Supported Risk and Resiliency tools for Business Continuity and Risk Management, including third-party risk management systems. Led internal governance reviews and audits for ISO27001/9001 compliance, and developed global security control frameworks.

ISO 27001 ISO 9001 Risk Management Business Continuity

IRM Risk and Controls Management / Security & Compliance Lead

Shell Energy

Feb 2022 - Dec 2022 (10 months)

Led security risk assessments for high-risk projects and cloud environments, providing guidance on mitigation strategies. Translated technical, legal, and regulatory compliance obligations into cohesive security control frameworks.

Risk Assessment Cloud Security Regulatory Compliance Security Architecture

Senior Operational Risk Manager

NASDAQ

Oct 2021 - Dec 2021 (2 months)

Collaborated with Technology Risk Management to assess and mitigate risks on-prem and cloud infrastructure. Managed system migration compliance with ESMA guidelines and led security assessments for third-party AWS exit strategy requirements.

Cloud Infrastructure ESMA AWS Regulatory Compliance Operational Risk Resilience

Senior Information Risk Manager

Cognizant Worldwide Ltd

Feb 2021 - Sep 2021 (7 months)

Managed security and compliance risks for acquisitions and cloud-related risks. Conducted risk assessments for newly acquired and merged sites, incident response, and supported security during deployment and integration.

Cloud Security M&A Security Incident Response

Technology Risk Manager

ICBC Standard Bank

Aug 2018 - Jun 2019 (10 months)

Oversaw risk governance, incident response, third-party risk management, and audit facilitation. Championed best practices for General Computer Controls, such as change management and identity access management.

Risk Management Incident Response Third Party Risk Management Vulnerability Assessment SDLC

Information Security Analyst

LCH Ltd

Sep 2016 - Dec 2017 (1 year 3 months)

Conducted RCSA for European business units, security incident analysis, and regulatory and audit facilitations. Designed cybersecurity controls and framework for operational resilience and improved risk control assurance reporting.

RCSA Controls Cyber Controls Assurance Network Security Application Security SIEM

IT Audit Consultant/Business Partner

Thomas Cook Group Plc

Sep 2013 - Sep 2016 (2 years 11 months)

Conducted ITGC audits across 26 countries, evaluating internal controls, third-party systems, and PCI-DSS compliance. Provided security risk oversight and advised on multiple transformation projects with IT teams.

ITGC PCI DSS Security Risk Oversight SIEM Penetration Testing Incident Management

Compliance Control Manager

Kantar Group

Sep 2011 - Sep 2013 (2 years)

Managed IT operational resilience and audit compliance across regions, leading ISO27001 recertification. Implemented and managed logical IT security access controls across global business regions.

ISO 27001 Endpoint Security

Security Analyst

Citigroup

Dec 1999 - Nov 2006 (6 years 11 months)

Facilitated audit findings and risk control remediation with global business for management reporting. Supported security projects rollouts for Citigroup Technology Optimization Program across Europe outsourced locations.

Risk Control

IT Security Auditor

BBC Worldwide

Mar 1999 - Nov 1999 (8 months)

Prioritized risk, planned field audit scope, and evaluated Enterprise Security Management system for London Network Operations. Conducted vulnerability assessments and system walkthroughs on corporate IT security systems.

Prioritization Enterprise Security Vulnerability Assessment System Walkthroughs