David C. CISM, CRISC, CISA, CGEIT, CDPSE, CCISO, CCSK, CEH, SIRM, PMP, TOGAF, SFC, SSY/GB, FIPA/FFA

Institute of Financial Accountants

Professional Certification in Financial Accounting, Financial Accounting

January 1, 2005 – January 1, 2007

Asia Pacific University of Technology and Innovation (APU / APIIT)

Bachelor's Degree, Computing (Enterprise)

January 1, 2004 – January 1, 2005

Asia Pacific University of Technology and Innovation (APU / APIIT)

Higher Diploma, Computer System (Network, DB, OS)

January 1, 2002 – January 1, 2003

Asia Pacific University of Technology and Innovation (APU / APIIT)

Diploma, Information Technology

January 1, 2001 – January 1, 2002

SMK Maxwell (KL)

PMR, SPM, STPM, Science stream

January 1, 1994 – January 1, 2000

PMI-PMP

Project Management

N/A – Present

ISACA

CISM - Certified Information Security Manager

N/A – Present

Institute of Risk Management

SIRM, Technical Specialist

N/A – Present

Cloud Security Alliance

Cloud Computing

N/A – Present

6SigmaStudy™

Certified Six Sigma Yellow Belt Professional

N/A – Present

Good e-Learning

TOGAF® 9, Enterprise Architecture

N/A – Present

Blackmores Limited (Group)

Group Cyber Security GRC Lead | Group IT

November 1, 2023 – May 1, 2024

New South Wales, Australia (based in UOA Business Park, Malaysia) · Remote

Hytech Technology | Hytech Consulting Management Sdn Bhd

Security & Risk Advisor (Security Architect), Cyber and Information Security (Director)

July 1, 2023 – November 1, 2023

KL Ecocity, Bangsar (headquartered in Sydney NSW) · On-site

Credit Guarantee Corporation Malaysia Berhad

Head, IT Risk & BCM, Risk Management (ERM|ORM)

October 1, 2022 – July 1, 2023

Credit Guarantee Corporation Malaysia Berhad

Change Agent (under Digital Transformation Office)

August 1, 2022 – July 1, 2023

Credit Guarantee Corporation Malaysia Berhad

All about Business Continuity Management (Operational + Cyber Resilience) | CGC BCM Coordinator

July 1, 2022 – July 1, 2023

Credit Guarantee Corporation Malaysia Berhad

All about IT Risk and Compliance

January 1, 2022 – July 1, 2023

PCCW Solutions Ltd. Group Business Operations (IT & Operations)

Senior Business Governance & Control (BISO)

August 1, 2021 – January 1, 2022

HQ - HK SAR; Based @Bangsar South, KL

IT Risk, CISO | Regulatory & Technology Compliance | Ops Risk | Compliance (Acting Head) | DataGov

Technology & Operational Risk (Head) | ERM | co-BCM Coordinator

January 1, 2020 – August 1, 2021

Risk Management & Compliance @ Hong Leong Assurance Berhad

IT Risk, CISO | Regulatory & Technology Compliance | Ops Risk | Compliance (Acting Head) | DataGov

Head, Regulatory & Technology Compliance

July 1, 2019 – August 1, 2021

Risk Management & Compliance @ Hong Leong Assurance Berhad

IT Risk, CISO | Regulatory & Technology Compliance | Ops Risk | Compliance (Acting Head) | DataGov

Acting Head, Compliance

July 1, 2019 – September 1, 2020

Risk Management & Compliance @ Hong Leong Assurance Berhad

IT Risk, CISO | Regulatory & Technology Compliance | Ops Risk | Compliance (Acting Head) | DataGov

Data Governance and Data Management (Appointed Data Steward)

June 1, 2019 – August 1, 2021

Risk Management & Compliance @ Hong Leong Assurance Berhad

IT Risk, CISO | Regulatory & Technology Compliance | Ops Risk | Compliance (Acting Head) | DataGov

Head, Information Security Officer (CISO)

December 1, 2018 – September 1, 2021

Risk Management & Compliance @ Hong Leong Assurance Berhad

IT Risk, CISO | Regulatory & Technology Compliance | Ops Risk | Compliance (Acting Head) | DataGov

Cyber Security Manager (Lead) | Operational Risk | Regulatory Compliance

September 1, 2018 – June 1, 2019

Risk Management & Compliance @ Hong Leong Assurance Berhad

IT Compliance, Risk & Control (SOX); InfoSecurity; Regulatory; TP/SP Review; Investment; Operations

IT Audit Lead - Pioneered IT audit; SOX Program Lead (IT/Business Controls Compliance & Advisory)

October 1, 2016 – September 1, 2018

Tokio Marine Life Malaysia, Menara Tokio Marine Life, Jalan Tun Razak

Designated IT Risk Champion | IT, Project, Ops & DA Audits in AmMetLife Insurance & Takaful

IT Audit Manager - Pioneered IT audit function (reporting regionally); Supported operational review

January 1, 2015 – October 1, 2016

Menara 1 Sentrum, Jalan Tun Sambanthan

CIMB

Reviewed Bank's project governance, compliance, risk, quality assurance and system security controls

December 1, 2012 – April 1, 2015

Menara Bumiputra Commerce, Jalan Tuanku Abdul Rahman

ASSEMBLY OF GOD CHURCH

Board Member

January 1, 2012 – Present

Jalan Ipoh, Kuala Lumpur

Uni.Asia Life Assurance (now a.k.a Gibraltar BSN Life Berhad)

Lead IT Auditor - Pioneered the IT audit function in UAL

December 1, 2011 – November 1, 2012

Bangunan Uni Asia Life, Jalan Tun Tan Siew Sin, 50050 Kuala Lumpur

Maybank

Senior Auditor - Led Head Office, Operations, Compliance, Off-shore, Finance & IT audit engagements

January 1, 2010 – December 1, 2011

Menara Maybank 100 Jalan Tun Perak 50050 Kuala Lumpur

Lonpac Insurance Berhad

Senior Executive, IT Audit

May 1, 2007 – January 1, 2010

Bangunan Public Bank, Jalan Sultan Sulaiman

Tesco Stores (Malaysia) Sdn Bhd

Supply Chain Import - Liaison on inventory, shipping, distribution (FMCG), & MIS

May 1, 2005 – April 1, 2007

Mutiara Damansara

ASSEMBLY OF GOD CHURCH

Member

January 1, 1996 – December 1, 2011

Jalan Ipoh, Kuala Lumpur

Cybersecurity Risk Insurance

November 1, 2024 – March 1, 2025

Working with Howden Insurance Broker to explore, risk evaluation, assess the right adequate coverage, and acquire cyber risk insurance for QL-wide as part of the cyber risk management program.

Building QL Enterprise-wide Architecture Landscape

October 1, 2024 – April 1, 2025

My previous project engagement with EA consultants to build up and oversee the entire architectural landscapes of the company took about 6 months - that only covered Application-stack and Data-stack architecture.

QL's Cybersecurity and Risk Management Program

June 1, 2024 – Present

Ongoing Projects: Email Security, Privileged Access Management, Endpoint Security, Technology Refresh, Cyber Insurance, Modernizing Work (M365 migration). Exploratory Initiatives: Advanced Endpoint Protection, Attack Surface Management, Mobile Device Management, SOC, ZTNA, Detection & Response (DFIR).

Third Party Risk Management Program

November 1, 2023 – April 1, 2024

Driven the overall implementation of OneTrust's Third Party Risk Management (TPRM) to facilitate Blackmores vendors' due diligence, on boarding, off-boarding and security risk assessment.

Security Improvement Program Baseline

August 1, 2023 – Present

End-to-end discovery of Hytech's AWS environment against 200+ security best practices using pre-built security standards / frameworks and understand current security management and practices.

Integrated GRC Platform

February 1, 2022 – August 1, 2023

Lead the project and business case/proposal and defining requirements for ORMS and BCMS system implementation.

Various digital transformation initiatives under cloud platforms

February 1, 2022 – July 1, 2023

Projects - IPPBX (Microtel); Collection & Recovery (Stampede / Silverlake); OCR; eKYC on iMSME (WISE AI); Virtual Desktop (via AWS Workspace), Enterprise Data Warehouse CGC Digital's (FinTech) PAVE Platform leveraging on AWS cloud technologies/capabilities

SOC Compliance Certification

August 1, 2021 – January 1, 2022

Proposed, explored and drove the preparation in facilitating the SOC compliance pre-certification roadmap to establish the company’s credibility and trustworthiness as IT service provider to clients.

Data Management Standards

June 1, 2019 – August 1, 2021

Appointed to take leadership charge of the BNM SAQ Survey on Data Management Practices (2019) in accordance to BNM Guidelines on Data Management and MIS Framework, with the ensuing tasked to institute data governance practices. Collaborate with senior management, key business and technology stakeholder in driving an HLA-wide Data Governance strategy, operationalize the data management policies, procedures and standards.

Various cybersecurity engagements

September 1, 2018 – August 1, 2021

Project (modest scale) & vendor management - lead cyber-drill, phishing, CIRP, Red Team & compromise exercises in line with BNM's Risk Management in Technology Collaborated with IT on third party cybersecurity engagement - cloud computing adoption strategy (Azure, GCP, ACP, AWS), & CERT appointment.

Various digital and cloud projects

September 1, 2018 – August 1, 2021

Involved in project security advisory on proposed digital/cloud/FinTech (eg. SAS Prophet, Basecamp, Zendesk, Jira | Atlassian | Confluence, BitBucket, Yellow Messenger's AI-Chatbot Omnichannel, OCR, MSDynamics365, Revenue Monster (e-/Mobile Payments | e-wallet | Alibaba Cloud), QR, Google Workspace (G-Suite), Accordia VoIP, Kofax e-doc e-sign), Azure's Microservices Technology Governance - Supported ITD (1st LoD) oversee the enterprise-wide oversight of technology risk, including audit & regulatory compliance obligation Monitored technology projects lifecycle & delivery as main liaison supporting IT, PMO, Digital & Ops teams

Certified Data Privacy Solution Engineer (CDPSE)

ISACA

June 23, 2026 – Present

Certified Information Security Manager (CISM)

ISACA

June 23, 2026 – Present

Project Management Professional (PMP)

Project Management Institute

June 23, 2026 – Present

Associate C|CISO

EC-Council

June 23, 2026 – Present

ICA Associate Membership

International Compliance Association

June 23, 2026 – Present

Certificate of Cloud Security Knowledge (CCSK)

Cloud Security Alliance

June 23, 2026 – Present

Six Sigma Green Belt (SSGB)

6sigmastudy - The global certification body for six sigma certifications

June 23, 2026 – Present

Scrum Fundamentals Certified (SFC)

Vabro.ai and VMEdu.com (Scrum/Kanban/AI/Business Analysis/OKRs/Six Sigma/Sales and Marketing etc.)

June 23, 2026 – Present

SMstudy® Certified Digital Marketing Fundamentals (SCDM-F)

SMstudy - Global Accreditation Body for Sales and Marketing Certifications

June 23, 2026 – Present

TOGAF® 9 Foundation

The Open Group

June 23, 2026 – Present

HOW TO BECOME HIGHLY PAID HACKER

HackingFlix

June 23, 2026 – Present