Michael Pang

Managing Director

Michael is a managing director with over 20 years’ experience. He is the IT consulting practice leader for Protiviti Hong Kong and Mainland China. His experience covers cybersecurity, data privacy protection, IT strategy, IT organisation transformation, IT risk, post-merger integration and operation improvement. Before joining Protiviti, Michael has taken key consulting roles at Boston Consulting Group, A.T. Kearney and Kodak Services for Business.

Major projects

  • Led a large number of security assessment and audits for ISO 27001, PCI DSS and NIST cybersecurity framework 
  • Assisted many HK and US listed companies in assessing and improving the cybersecurity and IT security governance 
  • Led a number of financial institutions (including asset management firm and insurance firms) for IT security compliance projects 
  • Advised multiple international hospitality and hotel groups on cybersecurity protection, security incident respond and data privacy issues 
  • Advised the China subsidiary of an international coffee brand on the security assessment and remediation effort, including the establishing of the security operations 
  • Led a number of data privacy impact assessment projects for IT system implementation for various departments of the Hong Kong Government 
  • Led a large number of technical security assessment exercise, including penetration test, vulnerability scan, phishing testing and source code review 
  • Led a number of audit and advisory projects helping clients in establishing risk management function as well as managing risks (especially technology risks) 
  • Experience in helping a number of banking and insurance firm in IT transformation as well as information protection/security 
  • Led the overall IT audit effort for 2 universities in Hong Kong on data security/privacy, IT governance and operational effectiveness 
  • Conducted a number of public speaking, awareness training and corporate educations on cybersecurity and IT security topics

Areas of expertise

  • Cybersecurity 
  • Data privacy 
  • Technology risk and IT audit 
  • IT strategy

Industry expertise

  • Banking and Insurance 
  • Public Sector 
  • Retail

Education

  • Bachelor of Engineering & Bachelor of Science - University of Melbourne, Australia 
  • Master of Business Administration - New York University

Professional memberships and certifications

  • ITIL Foundation 
  • Certified Information Systems Auditor (CISA) 
  • Project Management Professional (PMP)      
Loading...