Raymond Teo Boon Kwee
Summary
Technical and cybersecurity practitioner with a robust track record of providing strategic guidance and technical direction across diverse sectors, including public sector government, manufacturing, technology, pharmaceuticals, consulting, and IT services. Demonstrated expertise as a Business Information Security Leader and Cyber Security Architect in international settings throughout the Asia Pacific and ASEAN regions, including Vietnam, Australia, China, India, and Thailand. Skilled in implementing cybersecurity frameworks, conducting security awareness training programs, managing cybersecurity incidents, and overseeing governance, risk, and compliance initiatives. Proven success in designing IT security policies and procedures while collaborating with business stakeholders to align security requirements and drive transformative processes that enhance organizational growth.
Overview
23
23
years of professional experience
1
1
Certification
Work History
Associate Director GGM, Business Information Security Officer (BISO) APAC
Cognizant Technology Solutions Asia Pacific Pte Ltd
12.2022 - Current
- Manage ASEAN BISO team comprising of direct reports such as IT security analysts, IT security lead based in India and Australia and implement security Governance, Risk and Compliance (GRC) for the wide variety of client delivery engagements of Cognizant within the ASEAN region, including banking, financial services, insurance, mining, telco and public sectors.
- Serve as an expert advisor to executive leadership team in the develop, implementation, and maintenance of a strong information security program and infrastructure, including network access and monitoring policies.
- Directs the strategy and operations for the protection of the organization’s information and data assets.
- Lead in Deals Risk Assessment and apply regional and international cyber security and privacy laws, frameworks and standards such as ISO 27001, NIST-CSF, MAS TRM, SG & PRC Cybersecurity Act, SG PDPA, PRC PIPL and EU GDPR.
- Report to the Global Business Information Security Officer (BISO) and get management support from the Chief Security Officer and affiliated Centre of Excellence (CoE) leaders to ensure organisational practices align with business objectives and evolving threat landscape.
- Collaborate with Organizational legal, compliance, DPO, Risk management and oversight functions to conduct reviews/audits, recommend policies and procedures, monitor status and report violations to BU Senior Leadership team.
- Perform master service agreement contract review and work with legal and compliance team. Lead in liaising with cyber insurance companies to advise clients on cyber insurance recovery process in the event of breach/renewal.
- Apply end-to-end risk management principles guided by business context and risk appetite. Identify, assess and respond to risks.
- Share IT security goals and objectives with the organization’s business units and senior management.
- Develop security management and data protection plan for key accounts: identify assets & threat vectors. Define mitigations and control framework.
- Conduct periodic risk and control assessments of our adherence to obligations and security management plan. Provide implementation plans to close gaps.
- Manage and Distribute BIS team security budget and resources according to the business impact of the information security risks.
- Manage security architecture technical review of customer intranet/internet/cloud hosted systems including core banking systems and Application Programming Interface (API) design for any new opportunity/deal that requires solutioning.
- Manage Outsourced Services Provider Audits for local banking customers e.g. UOB, BJB, Standard Chartered.
- Manage BISO Concierge Support team on any internal and external queries by customers pertaining to BIS service catalog and services, third party risk assessment, posture alignment, etc.
- Manage internal privacy certifications attestations requirements such as DPTM, ISO27701 PIMS and drive internal gap assessment as part of ongoing continuous control risk management (CCRM).
- Manage third party or client audit/security assessment activities such as SOC report, PCI-DSS and ISO 27001. Plan audit scope and schedule, and coordinate with various corporate functions to collect/produce evidences.
- Advise delivery team on reviewing the Technical Solution Designs and Secure SDLC processes to ensure IT products and services are foundationally secure in accordance to risk appetite.
- Coordinate corporate incident management response and support investigations within a strict timeframe according to local breach notification reporting requirements. Liaise with customers and external parties.
- Develop Security Training and Awareness materials to uplift Cyber Security vigilance, and conduct or facilitate awareness sessions for all associates across multiple customer engagements.
- Reason for Leaving: Not actively looking but open to discuss on better career opportunities.
Senior Advanced Cyber Security Engineer/Architect
Honeywell Pte Ltd
12.2021 - 12.2022
- Promote, raise awareness of and execute HBS Cyber security offerings focused on protecting OT and ICS systems.
- Support projects to ensure timely delivery within budgets and ensure customers' satisfaction
- Implement security control and processes to protect HBT deployed solutions and conduct regular audits
- Set IT Security framework and enforce teams' adherence to ensure secured customers' systems
- Maintain and update cyber security certifications and expert knowledge with current requirements
- Develop trusted relationships with customers from Critical Information Instructure (CII) sectors to provide Level 3 technical/engineering support.
- Lead the presales of all cyber security solutions covering OT Cyber security threat detection and response platform, secure configuration design & review, security monitoring & cyber security assessment, Secure media exchange(SMX), Endpoint Detection and Response (EDR) tools, Honeywell Forge Cyber security Suite
- Collaborate with stakeholders and customers on enquiries, issues and solutions
- Advise customers on industry security standards such as IEC-62443, NERC CIP, ISO 27000
- Identify global HBS cyber security initiatives and evaluate current & potential cyber security offerings
- Collaborate with cross-functional teams to support and improve HBS Cyber security offerings
- Support global and regional tender processes for Cyber security opportunities and bids worldwide
- Develop global ICT/Cyber standards for system implementation, including server configurations, security design, virtual deployments, network deployment requirements, EBI/DVM hardening and backup & anti-virus
- Identify areas of excellence and best practices through knowledge sharing
- Track relevant developments, innovations, best practices and emerging technologies
- Ensure HBS product portfolio fits the changing needs of customers and the regional market
- Reason for Leaving: Irrate Travelling expectations during Covid affecting parenting commitments.
- Key Contributions / Career Highlights:
- Increased pre-sales activities across the APAC region for cyber inject sales business transformation by 200%
- Drove 100% increase of regional pole spot opportunities wins through audit findings/security gaps
- Completed projects 100% on schedule, cost and per customer requirements with cross-functional teams
- Enhanced roadmaps and completed industry-level certifications
- Established the Cyber Center of Excellence lab for customers in APAC to showcase Honeywell cyber security solutions and offerings.
IT Security Manager, IT Governance Risk and Compliance
Ensign InfoSecurity (Systems) Pte Ltd
03.2020 - 12.2021
- Serve as IT Security Management contact and advisor for public/private sector/banking and financial sector customers
- Oversee key government work with Whole of Government governance scope and control
- Supervise a team of 5 direct reports of IT Security Officers and other Information Security personnel
- Develop policies and guidelines focusing on data confidentiality, integrity and availability
- Design security architecture for highly scalable and fault-tolerant networks and environments
- Design new IT security controls, identifying the attack vectors and areas of IT Security risk and exposure
- Assess vulnerability information based on Common Vulnerability Scoring System (CVSS) and conduct risk assessments to advise on security remediation and countermeasures plans to lower the level of residual risk for risk acceptance
- Tighten SIEM security, focusing on early incidents & threats identification to the IT assets in scope for the projects
- Oversee and supervise information security assurance activities which are aligned to IM8/NIST/ISO 27001 Security Frameworks to ensure customer security requirements are met
- Oversee the continuous updating of existing IT security policies, procedures and standards defined for each project according to customer requirements
- Oversee web security application testing activities on internet-facing/DMZ applications using manual static application testing (SAST) and automated dynamic security testing techniques (DAST) according to OWASP framework and CWC/SANS Top 25 most dangerous software errors
- Oversee IT security awareness training program, information security audits and manage vulnerability assessment scans and penetration testing activities of mission-critical assets
- Drive IT Security audits on IT architecture and the review of host-based secure configuration based on Centre for Internet Security (CIS) benchmarks and updating of system hardening benchmark guidelines and checklists
- Drive tracking and reporting of IT security scorecard performance, continuously measure critical compliance indicators to report to the customer-appointed CISO on the overall cyber security posture of each project
- Communicate goals, manage escalated issues and generate reports
- Reason for Leaving : Long Term Contract Renewal Role
- Key Contributions / Career Highlights:
- Achieved 100% completion of audit finding risks and all key cyber security deliverables
- Directed and delivered information assurance activities to IT security officers across several assigned key projects on stringent 3 months time frame with an audit scope mainly comprising of Vulnerability assessment, Web Application Penetration test and IT Security Compliance review
IT Security Manager, Compliance and Project Management
Nuvista Technologies to HTX (Home Team Science & Technology Agency)
01.2019 - 03.2020
- Serve as IT Security Management contact and advisor for public/private sector customers
- Oversee key government work with Whole of Government governance scope and control
- Manage resources and mentor Junior IT Security Project Officers
- Plan projects ranging from network access control, NIPS, firewalls vulnerability, anti-malware endpoint protection, security monitoring and compliance tools in Azure Boxer DC and on-premise infrastructure
- Enforce compliance to IM8 policies and perform risk assessments on IT systems
- Schedule and track project milestones assigned to vendors and teams
- Design all network infrastructure and ICT security projects aligned with IT Security Governance Department (ISGD)
- Ensure seamless daily operations on IT security incidents response and root causes
- Perform requests for budget approval, tender & contracts via the GeBiz portal
- Operate budgets, resolve issues and evaluate potential new initiatives to mitigate risks
- Drive contract renewals & payments and remediation of security vulnerabilities
- Ensure proper capitalisation of IT assets and services after project completion
- Represent the AISAA annual audits on the ICT infrastructure to review gaps
- Identify improvement areas for ICT security operations, network operations and setup
- Key Contributions / Career Highlights:
- Complimented by key stakeholders for managing all key projects as per timeline, scopes and requirements
- Cleared key critical project milestones on AISAA annual audit, system security acceptance test (SSAT), onboarding to an in-house security operations centre
Regional IT Infrastructure/Security Manager
Abbvie Operations Singapore Pte Ltd
01.2014 - 09.2018
- Report directly to the Global Infrastructure Operations Manager for JAPAC based in Chicago USA
- Ensure compliance in IT infrastructure operations to support offices and manufacturing plants
- Work with global HR as the IT business partner to oversee end to end upgrade of payroll, HRMS and ERP platforms.
- Align IT initiatives with business goals and manage site priorities
- Supervise the IT infrastructure/security team of 9 supporting Bio and API manufacturing facilities
- Direct the remote 24x7 DXC NOC team based in Bangalore, India, covering JAPAC
- Resolve operational incidents/escalations using ServiceNow and deliver ITIL projects
- Drive SIEM security initiatives to detect incidents and threats early
- Design critical security operations metrics and implement appropriate measures
- Perform security incident identification, assessment, mitigation and monitoring
- Enforce compliance to policies and align them with NIST SP 800-43, CIS, PCI DSS frameworks
- Manage IT infrastructure security projects, including compliance and IT risks mitigation
- Plan network, server and platform infrastructure solutions and analyse requirements
- Lead IT infrastructure change and conducted audits with external auditors
- Oversee timely infrastructure design testing to meet business requirements
- Formulate security options to mitigate risks and manage IT security consultants/vendors
- Document IT security policies, technical standards and security standards
- Develop test cases and data and manage enterprise storage and virtualisation environment
- Ensure data integrity and compliance standards of GxP Infrastructure (Servers and PCs)
- Key Contributions / Career Highlights:
- Received Abbvie Excellence Awards for outstanding contribution to SG ops and Agile & Accountable in 2018
- Reduced the number of email platforms by migrating from Microsoft Exchange to Exchange 365 Cloud
- Championed the implementation of IT security information and event management platform to provide real-time monitoring, threat detection and IT security incident management
- Implemented the disaster recovery procedures for computing facilities and regional data centres, saving $100K annually
- Migrated network firewalls to next-generation firewalls in the Data Center and remote offices
- Improved manufacturing system security involving segmented network between industrial and user network and DMZ zones
Technology Consultant III – Senior Network Engineer
Hewlett Packard Services (Singapore) Pte Ltd
01.2008 - 01.2014
Senior Network Operations Engineer
Opus IT Services Pte Ltd (IBM Subsidiary)
01.2003 - 12.2007
Education
Masters of Management - Information Technology
University of Melbourne
01-2012
Bachelor's Degree - Business Information Technology
University of Wales
01-2005
Diploma - Computer Studies
Ngee Ann Polytechnic
01-2000
Skills
- Cyber Security Controls and Architecture Frameworks
- Cyber Security Incident Handling & Response
- Governance Risk & Compliance
- Operational Technology
- Information Security Audits
- IT Security Architecture & Design Review
- Third Party Risk Assessment
- Security Awareness Training Program
- Effective Communication
- Stakeholder Relationship Management
- Strategic Leadership
- Team Supervision & Development
- Detail-oriented
- Project management
- Strategic leadership
- Analytical thinking
- Coaching and mentoring
- Team collaboration and leadership
Accomplishments
Incident Response & Security Operations
- "Reduced Mean Time to Detect (MTTD) by 40% by implementing a new SIEM alert structure."
- "Thwarted 100+ phishing attacks annually through the deployment of AI-based email security solutions."
- "Led the containment of a ransomware attack within 4 hours, resulting in zero data loss."
Vulnerability Management & Compliance
- "Reduced critical system vulnerabilities by 80% by developing a automated, risk-based patching schedule."
- "Achieved 100% compliance with ISO 27001 standards by auditing and updating security policies."
- "Conducted 50+ penetration tests, identifying and remediating 20+ critical vulnerabilities."
Architecture & Engineering
- "Architected a zero-trust security framework across 5 cloud environments, reducing the attack surface by 73%."
- "Modernized firewall policy management, enhancing threat prevention capability by 45%."
- "Implemented MFA across the organization, reducing unauthorized access incidents by 95%."
Training & Strategy
- "Reduced phishing click rates by 60% by implementing a comprehensive employee security awareness program."
- "Mentored 5 junior analysts, improving team efficiency by 15%
Certification
- Certified Chief Information Security Officer (CCISO) , ( EC-Council) 2025
- Comptia Certified Cyber Security Analyst+ (Comptia) 2022
- Certified in Risk and Information Systems Control (CRISC), Information Systems Audit and Control Association (ISACA) 2021
- Certificate of Cloud Security Knowledge (V4), Cloud Security Alliance (CSA) 2021
- Certified Information Security Manager (CISM), Information Systems Audit and Control Association (ISACA) 2020
- Certified Information Security Auditor (CISA), Information Systems Audit and Control Association (ISACA) 2020
- ISO27001:2013 - Certified Lead Auditor, Global Association for Quality Management (GAQM) 2020
- Prince2 @ Foundation, 6th Edition, Certificate in Project Program/Portfolio Management, Peoplecert, AXELOS 2020
- Project Management Professional (PMP), Project Management Institute 2020
- Certified Ethical Hacker v10 / Certified Network Defense Architect, EC-Council 2020
- Certified Hacking Forensics Investigator, EC-Council 2020
- Certified Data Privacy Solutions Engineer (CDPSE), Information Systems Audit and Control Association (ISACA) 2020
- ITIL Foundation in IT Service Management v3, BCS, The Chartered Institute for IT 2016
Languages
English
Full Professional
Chinese (Mandarin)
Limited Working
Timeline
Associate Director GGM, Business Information Security Officer (BISO) APAC
Cognizant Technology Solutions Asia Pacific Pte Ltd
12.2022 - Current
Senior Advanced Cyber Security Engineer/Architect
Honeywell Pte Ltd
12.2021 - 12.2022
IT Security Manager, IT Governance Risk and Compliance
Ensign InfoSecurity (Systems) Pte Ltd
03.2020 - 12.2021
IT Security Manager, Compliance and Project Management
Nuvista Technologies to HTX (Home Team Science & Technology Agency)
01.2019 - 03.2020
Regional IT Infrastructure/Security Manager
Abbvie Operations Singapore Pte Ltd
01.2014 - 09.2018
Technology Consultant III – Senior Network Engineer
Hewlett Packard Services (Singapore) Pte Ltd
01.2008 - 01.2014
Senior Network Operations Engineer
Opus IT Services Pte Ltd (IBM Subsidiary)
01.2003 - 12.2007
Bachelor's Degree - Business Information Technology
University of Wales
Diploma - Computer Studies
Ngee Ann Polytechnic
Masters of Management - Information Technology
University of Melbourne