China Cyber Security

Developed the independent risk assessment framework and controls in preparation for an on-site operational readiness assessment to validate compliance with established policies and (national, industry, China UnionPay, and company) standards

Led the mapping and analysis of China UnionPay Data Security Standards (UP DSS) for credit card processing to Payment Card Industry Data Security Standards (PCI DSS), which identified gaps and related risks/impacts as input for strategic and tactical decisioning by numerous VPs and directors

In collaboration with Operational Excellence and Privacy leaders, developed the information technology and information security policies for American Express’ joint venture in China required for payment card network licensing application

Developed the policy framework for information technology and information security risk management policies and standards for American Express’ joint venture in China

Worked with China-based resources to develop an Information Security Management System (ISMS) to comply with ISO 27001 requirements

Developed the company’s Personal Information Protection Mechanism Regulations, Cross-Border Personal Information Transfer Risk Assessment Specification, and Bankcard Payment Network Information Security Standards

Created cross-referenced traceability matrix of China legal and regulatory controls (more than 2,000) to identify overlap

Mapped American Express policy and standards requirements to Joint Venture's ISMS library of measures and standards

Developed information security domain-specific training material to educate American Express technical teams on relevant Chinese control requirements

Consult on product selection for compliance with China’s national requirements for encryption and security tools and technologies

Participated in product implementation validations