Michael Pang

Managing Director

Michael Pang is a Managing Director based in Protiviti's Hong Kong office and is the IT Consulting practice leader for Protiviti Greater China. He possess 20 years of experience in advising top management on various strategic topics including cybersecurity, data privacy protection, IT strategy, IT organisation transformation, IT risk, post-merger integration and operation improvement. Before joining Protiviti, Michael has taken key consulting roles at Boston Consulting Group, A.T. Kearney and Kodak Services for Business.

Major Projects

  • Led a large number of security assessment and audits for ISO 27001, PCI DSS and NIST cybersecurity framework 
  • Assisted many HK and US listed companies in assessing and improving the cybersecurity and IT security governance 
  • Led a number of financial institutions (including asset management firm and insurance firms) for IT security compliance projects 
  • Advised multiple international hospitality and hotel groups on cybersecurity protection, security incident respond and data privacy issues 
  • Advised the China subsidiary of an international coffee brand on the security assessment and remediation effort, including the establishing of the security operations 
  • Led a number of data privacy impact assessment projects for IT system implementation for various departments of the Hong Kong Government 
  • Led a large number of technical security assessment exercise, including penetration test, vulnerability scan, phishing testing and source code review 
  • Led a number of audit and advisory projects helping clients in establishing risk management function as well as managing risks (especially technology risks) 
  • Experience in helping a number of banking and insurance firm in IT transformation as well as information protection/security 
  • Led the overall IT audit effort for 2 universities in Hong Kong on data security/privacy, IT governance and operational effectiveness 
  • Conducted a number of public speaking, awareness training and corporate educations on cybersecurity and IT security topics