Hlaing Minn Paing

Phnom Penh

Summary

Dynamic cybersecurity leader with extensive experience in the financial, telecom, and insurance sectors across Southeast Asia. Proven ability to rapidly master complex security domains and implement impactful solutions, including seamless integration of security into the software development life cycle (SDLC) and alignment with ISO 27001, NIST, SOC 2, and GDPR standards. Strong analytical and problem-solving skills complement a leadership style that emphasizes mentoring cross-functional teams and fostering collaboration to enhance cybersecurity capabilities and compliance maturity. Committed to driving secure, scalable, and compliant operations while adeptly navigating new challenges and evolving organizational needs.

Overview

13 years of professional experience
1 Certification

Work History

IT Security Manager

LOMA Technology
08.2025 - Current
  • Delivered the enterprise IT Security Strategy and Roadmap, aligning with business objectives and regulatory requirements.
  • Executed key security programs, including integration of DevSecOps tools into CI/CD pipelines and implementation of threat modeling processes for new application development.
  • Defined key performance indicators (KPIs) to achieve measurable outcomes such as accelerated secure releases, reduced security vulnerabilities, and enhanced risk mitigation across the organization.

IT Security Manager

Prudential Plc.
06.2024 - 07.2025
  • Directed regional cybersecurity initiatives across Cambodia, Laos, and Myanmar, strengthening security architecture, governance, and incident response capabilities in alignment with global frameworks and regulatory expectations.
  • Championed security by design practices across new programs, initiatives, and projects, integrating security checkpoints throughout the Software Development Lifecycle (SDLC) to enhance application resilience and mitigate risk prior to go-live.
  • Led Cloud security reviews and architecture assessments, ensuring alignment with security blueprints, compliance requirements, and Group security standards.
  • Conducted STRIDE threat modeling and designed mitigation strategies addressing vulnerabilities in application and infrastructure layers, ensuring secure adoption of Cloud services and technologies.
  • Enhanced Identity Access Management governance and integrated GRC and compliance processes to improve control effectiveness, policy adherence, and operational stability across regional entities.
  • Drove penetration testing, vulnerability remediation, and configuration review (including firewall, proxy, and network design), ensuring all critical risks were remediated before deployment.
  • Collaborated with Group and Regional Information Security teams, IT, and business stakeholders to ensure project implementation aligned with approved security policies, standards, and regulatory controls.
  • Managed vendor relationships for security operations and GRC platforms, fostering accountability and alignment with enterprise security objectives.
  • Developed and updated security policies, standards, and hardening guidelines, ensuring alignment with evolving technologies, Cloud practices, and audit readiness.
  • Conducted security awareness and training programs to promote a culture of security by design across local business units (LBUs) and project teams.
  • Enhanced endpoint, network, and data protection operations by implementing DLP, VAPT, and incident response measures, leading to a 25% faster threat detection rate and 30% reduction in incident resolution time.
  • Performed risk assessments, business impact analyses, and compliance audits, supporting executive decision making and improving governance maturity.
  • Supported budget planning and resource allocation to optimize security investments and ensure effective delivery of compliance initiatives.
  • Provided leadership and direction to the BISO team, managing security initiatives, enhancing compliance, and strengthening overall governance maturity.
  • Led BCP/DR exercises and post-incident reviews to ensure operational resilience and regulatory compliance.

Cybersecurity (Senior Manager)

ATOM Co.Ltd
11.2022 - 05.2024
  • Developed and operationalized Cyber Security GRC frameworks (ISO 27001, NIST CSF), improving enterprise risk visibility by 35% and achieving 100% audit readiness across all business units.
  • Directed security architecture reviews and gap assessments, recommending controls to address architectural weaknesses in Cloud and on-premise environments.
  • Led and supervised vendor-based IT Security Analysts and GRC professionals by providing strategic direction, mentorship, and performance management to ensure effective delivery of cybersecurity and governance initiatives, fostering a collaborative culture that aligns security operations with organizational objectives and regulatory standards.
  • Led certification initiatives (ISO 27001, SOC 2), driving process maturity and reinforcing customer and regulatory trust.
  • Directed incident response and recovery operations, ensuring proper escalation, effective threat containment, and improved SLA adherence through structured playbooks and collaboration to maintain business performance.
  • Strengthened data protection and DLP monitoring, ensuring confidentiality and compliance with internal and external requirements.
  • Partnered with senior leadership to integrate cybersecurity into business strategy, influencing risk-aware decisions and aligning with enterprise objectives.
  • Supported external engagement and regulatory communications, maintaining trust through transparency and compliance assurance.
  • Managed vendor and third-party compliance programs, reducing supplier security non-conformances by 40% and ensuring 100% contractual compliance through continuous risk assessments.

IT Security and Risk Assistant Manager

Truemoney
09.2020 - 10.2022
  • Established, developed, maintained, and enforced policies and frameworks aligned with ISO standards, ensuring strict compliance with regulatory requirements and strengthening overall control effectiveness.
  • Led comprehensive security testing programs across infrastructure and applications, driving timely remediation and significantly reducing critical vulnerabilities.
  • Trained and mentored employees on cybersecurity best practices through targeted awareness programs, enhancing vigilance, improving incident reporting, and reducing human-error-related security incidents.
  • Conducted vendor security assessments and third-party risk analysis and reviews, mitigating supply chain risks and ensuring compliance with internal and regulatory standards.
  • Collaborated with IT, business, and compliance teams to integrate DevSecOps practices into development pipelines, embedding security controls into projects and system architecture to enhance release security and operational agility.
  • Implemented cybersecurity dashboards for real-time risk tracking, enabling senior management to monitor key metrics, maintain meticulous records, and respond swiftly to incidents.
  • Optimized network and cloud security through firewall tuning and baseline controls, strengthening threat detection and reducing exposure to protect digital assets.
  • Directed internal and external audit cycles, ensuring zero overdue remediation items for three consecutive years and reducing audit preparation time by 20% through process optimization.
  • Provided technical guidance and strategic advice to both technical and non-technical stakeholders, ensuring effective collaboration and successful implementation of new security programs.

Information Security Assistant Manager

MOB Bank
10.2018 - 08.2020
  • Identified, prioritized, and tracked remediation of security gaps and misconfigurations across the enterprise, implementing targeted controls to mitigate risks and ensure compliance and audit readiness.
  • Designed and executed the organization-wide IT security strategy and roadmap, aligning initiatives with internal controls and business objectives, and enhancing cross-departmental security adoption.
  • Supported PCI DSS (Payment Card Industry Data Security Standard), ISO 27001, and MCB security compliance by implementing controls, preparing for audits, and delivering risk reporting to ensure secure operations and regulatory adherence.
  • Led security operations and vendor management, maintaining >99% SLA compliance on incident detection and response while minimizing downtime by 15% during high-impact security events.
  • Established and governed security frameworks aligned with ISO 27001 and NIST, improving control effectiveness and audit preparedness.
  • Streamlined regulatory and audit engagements as the primary liaison, accelerating remediation and strengthening stakeholder confidence across risk, IT, and compliance teams.
  • Executed third-party risk management initiatives, ensuring vendor compliance with internal standards and mitigating external dependency risks.
  • Supported disaster recovery and business continuity initiatives by leading exercises and tabletop simulations, validating recovery processes, and ensuring availability and integrity of critical data and services.

SOC Engineer Tier 2

KBZ Bank
09.2016 - 09.2018
  • Achieved PCI DSS compliance by strengthening endpoint protection and implementing comprehensive log monitoring, significantly reducing high-risk findings.
  • Led deployment and optimization of Trend Micro Endpoint, Deep Security, ELK SIEM, and Palo Alto XDR, enhancing infrastructure protection and lowering security incidents.
  • Compliance with internal policies and external regulations was achieved through reviewing and enhancing IPS and SIEM configurations.
  • Met IT security policy framework requirements through collaboration with governance and compliance teams to strengthen baseline controls.
  • Reviewed audit trails, system logs, and monitoring data to ensure compliance with security policies and audit requirements, while enhancing IT controls and policies to strengthen governance, improve responsiveness, and reduce risk exposure.
  • Implemented and maintained proactive monitoring and reporting controls across network and critical systems to support SWIFT CSP readiness and strengthen overall threat detection capabilities.
  • Led vulnerability management initiatives to proactively detect and address security weaknesses across banking infrastructure and mobile applications, ensuring swift response and alignment with the Bank’s Cyber Incident Response and Investigations Plan.
  • Performed comprehensive threat analysis and risk assessments by conducting periodic vulnerability scans and coordinating internal and external penetration tests to strengthen the bank’s IT infrastructure and ensure compliance with regulatory requirements.

System Engineer

MMG
12.2012 - 08.2016
  • Resolved a high volume of Level 1 technical support tickets daily, addressing software, hardware, and network issues while maintaining strong first-call resolution and customer satisfaction.
  • Facilitated timely resolution of Level 2/3 support tickets by preparing detailed case summaries and coordinating with senior engineers, ensuring effective problem escalation and follow-up.
  • Expedited resolution of IT infrastructure queries for customers, enhancing service efficiency and driving positive feedback and satisfaction.

Education

B.Sc - Maths

Dagon University
Myanmar

Skills

  • Governance, risk, and compliance expertise
  • Security architecture and engineering
  • Root cause analysis and attack surface evaluation
  • Endpoint security management

Accomplishments

1. Deploying SOC Projects.

2. Annual Penetration Testing Projects.

3. Deploying WAF for mobile application.

4. Trend Micro Deep Security for Server Protection.

5. Deploying the Fortinet Core Firewall for Telecom Network.

6. DevSecOps (Checkmarx, SonarQube, Trivy) Tools integration.

7. Deploying Trend Micro Endpoint Security.

8. Deploying Cortex XDR Projects.

9. Deploying the Qualys Vulnerability Management system.

Certification

  • CISM (ISACA)
  • ISO/IEC 27001 Lead Implementer (Intertek)
  • CC (ISC2)
  • EJPT (eLearn Security)
  • NSE 4 (Fortinet)
  • CCNA (R&S, Security) (Cisco)
  • EC Council Network Security Administrator (EC Council)
  • OCI Foundation Associate (Oracle)
  • Qualys Certified Specialist Vulnerability Management (Qualys)
  • Certified API Security Analyst (API Security University)
  • APISec Certified Practitioner (API Security University)
  • AZ 900, AZ 500 (Work In Progress)

Language

English (Fluent)

References

  • Mr Thu, Ya, Lecturer, thuya.consultant@gmail.com, +659 1495395, Temasek Polytechnic
  • Mr Wai, Phyo, Chief Information Security Officer, kowaiyan1985@gmail.com, +971528552283, McCoin Virtual Assets LLC

Personal Information

Nationality: Myanmar Citizen