Experience

Deloitte China

• China
• Management Consulting
• 100 - 200 Employee

• Associate Director

  • Oct 2018 - Present



PwC

• Professional Services
• 700 & Above Employee

• Manager

  • Mar 2015 - Oct 2018

  Cybersecurity service• Heavily participated into the diverse and continuous consulting services of system security review, data privacy, cloud computing security, cybersecurity maturity framework, data privacy review, ISO27001 gap assessment, and SOC reports as the leading role for the global leading technology enterprises, MNCs and the banking.• Outsourced to the client as the security leader to support the local cyber security practice in response to the requirements of China cybersecurity law.Internal control advisory• Developed and optimized the systematic risk assessment and control attestation framework / program to improve the internal control environment in accordance with the Sarbanes-Oxley Act Section 404 (SOX404) requirements, FCPA compliance and business development.• Provided the practical suggestions to the management in regard to relevant internal control review findings and assisted the corresponding remediation.• Performed as the PMO to conduct regular project management and communicate with global senior management and steering committee of the client regarding the project deliverables and status quo.



Deloitte

• Business Consulting and Services
• 700 & Above Employee

• Senior Consultant

  • May 2010 - Mar 2015

  Project leading• Developed overall understanding of risk profile, and performed risk assessment and scoping of work based on the actual business modules.• Demonstrated different methodologies and review approach according to engagement natures of either recurring audit, consulting or other strategic structuring.Internal control audit/consulting (C-SOX/US SOX/Internal control outsourcing)• Established control objectives, identified and assessed individual controls accordingly through understanding business processes, e.g. financial reporting, sales, purchases, inventory, assets management, IT etc.• Identified and communicated control deficiencies on a timely basis and provide professional resolution to address the issue, including consultation of implementation if necessary.System security review• Performed automated controls review on various systems such as SAP, Oracle Financials, Hyperion etc.• Performed logical security review, including the configuration, system development and access controls.



Grant Thornton LLP (US)

• United States
• Accounting
• 700 & Above Employee

• Associate

  • May 2008 - May 2010

  Internal control review (SOX404 and Practice Note 21 of Hong Kong Listing Rules)• Performed the assessments on different key business processes such as financial closing, inventory, sales, purchases, payroll, and IT general controls.ERP security improvement• Focused on ERP system configuration security in compliance with the actual business and legislation requirements.



PwC

• Professional Services
• 700 & Above Employee

• Intern - Assurance Group 3

  • Aug 2007 - Mar 2008

  Financial audit service• Assessed the accounting policies adopted by the client to determine if they are in compliance with relevant accounting standards.• Verified balance sheet and performed substantive testing.