Franklin Yeung

Franklin is a director with over 22 years’ experience in IT consulting, audit, and system implementation. He has experience in assisting organisations with IT/IS security, strategy, governance, risk management, internal controls, business continuity management, system implementation, and IT project management.

Major projects

• Information Security (IS): Led a number of information security projects such as :
  • Assessment and advisory based on industrial security frameworks and regulatory requirements such as ISO 2700x, NIST CSF, CIS, HKMA C-RAF.
  • Development of IS enhancement roadmap and provided implementation support.
  • Development of IT/IS security standards, policies, procedures, guidelines and operational manual, etc.
  • PCI DSS gap assessments, remediation supports and compliance audits.
  • Feasibility study of shifting IT environment to AWS cloud and advisory of cloud infrastructure design and implementation roadmap.
  • Vendor security assessments to determine how security and IT controls are properly implemented by providers.
  • Technical security assessment to determine security vulnerabilities, loopholes and misconfiguration, validate the findings and provide remediation recommendations through vulnerability scan/penetration test approach.
• Privacy Impact Assessment (PIA), Privacy Compliance Audit (PCA) and Data Protection Review: Led many privacy-related assessments including, PIA, PCA engagements in Hong Kong based on the Ch. 486 privacy ordinance. Besides, he also managed different review projects to evaluate how personal data was protected in the Hong Kong and China market.
• IT Internal Control & Audit, SOX Compliance: Led a number of IT internal control assessment, IT operational audits and IT SOX compliance engagement. He is experienced to perform a maturity review to evaluate and benchmark IT and information security governance.
• IT Strategy: Managed IT strategy and management activities assessment over infrastructure, application architecture and data management. Also provided advisory and support in the IT strategic planning & implementation.
• System Implementation: Has a lot of project management and system design, implementation and testing experience.
• IT Management and Security Training: Was involved in different inhouse training activities and provided number of presentations with respect to IT management, IS governance, security best practices, etc.

Professional memberships & certifications

• Certified in Risk & Information Systems Control (CRISC)
• Certified Information System Auditor (CISA)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Information Security Manager (CISM)
• Certified Data Privacy Solutions Engineer (CDPSE)
• PCI Qualified Security Assessor (QSA)
• Certified ScrumMaster
• Member of ISACA, IIA, HKCS

Areas of expertise​

• IT Security and Privacy​
• IT Strategy and Governance​
• IT Audit / IT Compliance​
• System Implementation and Project Management​

Industry expertise​

• Information Technology ​
• Government​
• Hospitality​
• Casino
• Retail
• Media
• Manufacturing
• Game
• HealthCare

Education

• Bachelor of Electronic Engineering, The Chinese University of Hong Kong