Alex Yao

Business Information Security Officer | Cybersecurity GRC

Alex Yao

I help banks and regulated organizations turn complex security, risk, and compliance requirements into operational outcomes — using ACSC, APRA, and ISO frameworks, and automating controls with Power BI and Power Automate.

Recognized high potential

Employee of the Year 2025

Global Leadership Talent Programme (Top 5% worldwide)

APAC Talent Programme (Top 5% APAC)

English, Mandarin, Cantonese

Languages

Projects

Projects
AI Risk AI governanceRisk appetiteCross-functional

AI Risk Governance Framework

Co-designed and operationalized an AI risk governance approach sponsored by executive leadership, enabling a global bank to evaluate AI use cases against risk appetite.

Read case study
GRC ACSC Essential EightMaturity assessmentRemediation

ACSC Essential Eight Maturity Assessment

Led an Essential Eight maturity assessment across a business unit, translating ACSC strategies into a prioritized remediation roadmap and automated executive reporting.

Read case study
Automation Power AutomatePower BIControl assurance

Operational Risk Control Automation

Automated recurring control assurance workflows using Power Automate and Power BI, reducing manual effort and improving consistency for operational risk reporting.

Read case study

Latest post

All posts
AI riskGovernanceBanking

AI Risk Governance for Regulated Banks

Practical principles for governing AI use cases without stifling innovation.

6 min read
GRCAutomationPower BI

Building GRC Automation with Low-Code Tools

How Power Automate and Power BI can reduce manual assurance work without introducing new operational risk.

5 min read
ACSCEssential EightMaturity

Lessons from an ACSC Essential Eight Assessment

What I learned leading a maturity assessment against the Australian government cyber baseline.

5 min read