Business Information Security Officer | Cybersecurity GRC
Alex Yao
I help banks and regulated organizations turn complex security, risk, and compliance requirements into operational outcomes — using ACSC, APRA, and ISO frameworks, and automating controls with Power BI and Power Automate.
Recognized high potential
Employee of the Year 2025
Global Leadership Talent Programme (Top 5% worldwide)
APAC Talent Programme (Top 5% APAC)
English, Mandarin, Cantonese
Languages
Projects
ProjectsAI Risk Governance Framework
Co-designed and operationalized an AI risk governance approach sponsored by executive leadership, enabling a global bank to evaluate AI use cases against risk appetite.
Read case studyACSC Essential Eight Maturity Assessment
Led an Essential Eight maturity assessment across a business unit, translating ACSC strategies into a prioritized remediation roadmap and automated executive reporting.
Read case studyOperational Risk Control Automation
Automated recurring control assurance workflows using Power Automate and Power BI, reducing manual effort and improving consistency for operational risk reporting.
Read case studyLatest post
All postsAI Risk Governance for Regulated Banks
Practical principles for governing AI use cases without stifling innovation.
Building GRC Automation with Low-Code Tools
How Power Automate and Power BI can reduce manual assurance work without introducing new operational risk.
Lessons from an ACSC Essential Eight Assessment
What I learned leading a maturity assessment against the Australian government cyber baseline.