China Cyber Security

China Security Law (Basic Law) to National Regulations (GB/T) and Financial Industry Regulations (JR/T)

Related Experience:

  • Currently developing the independent risk assessment framework and controls in preparation for an on-site operational readiness assessment to validate compliance with established policies and (national, industry, China UnionPay, and company) standards

  • Led the mapping and analysis of China UnionPay Data Security Standards (UP DSS) for credit card processing to Payment Card Industry Data Security Standards (PCI DSS), which identified gaps and related risks/impacts as input for strategic and tactical decisioning by numerous VPs and directors

  • In collaboration with Operational Excellence and Privacy leaders, developed the information technology and information security policies for American Express’ joint venture in China required for payment card network licensing application

  • Developed the policy framework for information technology and information security risk management policies and standards for American Express’ joint venture in China

  • Worked with China-based resources to develop an Information Security Management System (ISMS) to comply with ISO 27001 requirements

  • Developed the company’s Personal Information Protection Mechanism Regulations, Cross-Border Personal Information Transfer Risk Assessment Specification, and Bankcard Payment Network Information Security Standards

  • Created cross-referenced traceability matrix of China legal and regulatory controls (more than 2,000) to identify overlap

  • Mapped American Express policy and standards requirements to Joint Venture's ISMS library of measures and standards

  • Developed information security domain-specific training material to educate American Express technical teams on relevant Chinese control requirements

  • Consult on product selection for compliance with China’s national requirements for encryption and security tools and technologies

  • Participate in product implementation validations

Experience With:

  • China Cyber Security Law

  • GB/T 22239 Information Security Technology - Baseline for Classified Protection of Information System Security

  • GB/T 22080 Information Technology - Security Techniques - Information Security Management Systems Requirements (ISO 27001)

  • GB/T 22084 Information Security Technology - Risk Assessment

  • GB/T 35273 Information Technology - Personal Information Security Specification

  • JR/T 0071 Implementation Guide for Classified Protection of Information System of Financial Industry

  • JR/T 0072 Testing and Evaluation Guide for Classified Protection of Information System of Financial Industry

  • JR/T 0142 Technical Requirements for Bank Card Clearing Business Facilities

  • Cyberspace Administration of China (CAC) Security Assessment Measures for Cross-Border Transfer of Private Information and Important Data

  • Critical Information Infrastructure Protection Regulation

  • China UnionPay Data Security Standards (UPDSS) to Payment Card Industry Data Security Standard (PCI DSS), Personal Information Standard

  • Data Security Management Measures (Draft)

CONTACT ME

+1.602.821.5131