I’m Michael Chua, a cybersecurity and GRC AI specialist with 15+ years of leading governance, risk, and compliance across global enterprises. I’m skilled in secure-by-design AI/ML adoption, data governance, and cloud security, with proven expertise in risk assessment, privacy-preserving technologies, and regulatory alignment. I help organizations design resilient AI-enabled systems while maintaining compliance and strong security postures. As a trusted advisor and educator, I bridge policy and technical execution to enable responsible, compliant, and innovative AI at scale. I’ve led major cyber incident response and recovery initiatives, restored operations swiftly, and minimized impact. I collaborate with cross-functional teams and startups to prioritize risk, drive innovation, and build lasting cyber resilience in increasingly complex threat landscapes.

Michael Chua

I’m Michael Chua, a cybersecurity and GRC AI specialist with 15+ years of leading governance, risk, and compliance across global enterprises. I’m skilled in secure-by-design AI/ML adoption, data governance, and cloud security, with proven expertise in risk assessment, privacy-preserving technologies, and regulatory alignment. I help organizations design resilient AI-enabled systems while maintaining compliance and strong security postures. As a trusted advisor and educator, I bridge policy and technical execution to enable responsible, compliant, and innovative AI at scale. I’ve led major cyber incident response and recovery initiatives, restored operations swiftly, and minimized impact. I collaborate with cross-functional teams and startups to prioritize risk, drive innovation, and build lasting cyber resilience in increasingly complex threat landscapes.

Available to hire

I’m Michael Chua, a cybersecurity and GRC AI specialist with 15+ years of leading governance, risk, and compliance across global enterprises. I’m skilled in secure-by-design AI/ML adoption, data governance, and cloud security, with proven expertise in risk assessment, privacy-preserving technologies, and regulatory alignment. I help organizations design resilient AI-enabled systems while maintaining compliance and strong security postures.

As a trusted advisor and educator, I bridge policy and technical execution to enable responsible, compliant, and innovative AI at scale. I’ve led major cyber incident response and recovery initiatives, restored operations swiftly, and minimized impact. I collaborate with cross-functional teams and startups to prioritize risk, drive innovation, and build lasting cyber resilience in increasingly complex threat landscapes.

See more

Skills

Experience Level

Language

English
Fluent
Chinese
Fluent
Malay
Intermediate
German
Intermediate
French
Intermediate
Japanese
Intermediate

Work Experience

Cybersecurity consultant at freelance
August 3, 2020 - Present
Aug 2020 – Current ● Designed and implemented an enterprise-wide security and risk management framework, reducing organisational exposure to operational, cyber, and fraud-related risks. ● Partnered with cross-functional business, technology, and compliance teams to define and execute risk mitigation strategies, strengthening the overall risk posture. ● Served as advisor to technology startups, including Reelblend (AdTech), on information security, governance, and risk prioritisation. ● Conducted information security and fraud audits for a digital payment wallet in the Middle East, assessing controls, vulnerabilities, and incident readiness. ● Identified and prioritised risks across emerging technologies, including autonomous systems and decentralised finance platforms, ensuring alignment with governance and regulatory expectations.
Cybersecurity GRC AI Consultant at Independent
August 1, 2020 - Present
Designed and implemented an enterprise-wide security and risk management framework, reducing exposure to operational, cyber, and fraud-related risks. Partnered with cross-functional business, technology, and compliance teams to define and execute risk mitigation strategies, strengthening the overall risk posture. Advised tech startups including Reelblend (AdTech) on information security, governance, and risk prioritization. Conducted information security and fraud audits for a digital wallet in the Middle East, assessing controls, vulnerabilities, and incident readiness. Identified and prioritized risks across emerging technologies including autonomous systems and decentralized finance platforms, ensuring alignment with governance and regulatory expectations.
Cybersecurity Consultant at Digital Tech Hub
August 1, 2018 - August 1, 2020
Digitally transformed 200 businesses over 2 years. Assisted businesses to navigate their cybersecurity risks during their AI/digital transformation.
Information Risk Manager at Barclays Bank
July 1, 2016 - December 1, 2016
Managed information risks during the merger and acquisition of Barclays Wealth by Bank of Singapore. Ensured incident-free transfer of information assets to the buyer.
Programme Security Architect at Standard Chartered Bank
January 1, 2015 - June 30, 2016
Delivered security architecture to enable mobile banking and mitigate security risks through cognitive biometric controls and central logging. Designed the security framework and fraud prevention architecture in line with MAS, HKMA, RBI, and CBR regulatory expectations.
Head of Global Information Security & Business Continuity Policies at SWIFT
September 1, 2005 - May 1, 2006
Oversee changes and improvements to achieve straight-through processing; implemented security policy enforcement and required capture processes. Liaised with legal, HR, IT operations, and business units to ensure policy alignment.
Risk Assessment Consultant at SAPIT SA
May 1, 2006 - December 1, 2014
Established target architecture to comply with SAMA regulations; rationalized KPIs of APAC markets with regional IT leads to standardize and collate data globally as a prelude to real-time big data analytics. Performed risk assessments in Al-Rajhi Bank, Saudi Hollandi Bank, and Riyad Bank to ensure SAM A compliance; performed data analytics for AstraZeneca APAC in Singapore.
Founder & Cybersecurity Consultant at WITS Pte Ltd
February 1, 2002 - August 1, 2005
Conducted risk assessments, enforcement, and monitoring of information security risks across banks, MNCs, governments, and tech startups.
Group Chief Information Security Officer at RHB Group
January 1, 2001 - January 1, 2002
Set up Enterprise Risk Management System; established scope and processes, identified in-house subject matter experts, formed the team, monitored risks, performed gap analysis, reduced risks to manageable levels, and developed a risk-aware corporate culture. Managed assets including Retail E-banking, Interactive Voice Response, Online Customer Support, and Data Warehouse.

Education

MSc IT at Keele University
September 1, 1998 - September 1, 2000
MSc IT (Business Information Systems) at University of Keele
January 11, 2030 - March 16, 2026
Bachelor of Engineering at University of Newcastle
January 11, 2030 - March 16, 2026
Postgraduate Diploma in Computer Science at University of Newcastle
January 11, 2030 - March 16, 2026
Diploma in Management Studies at Institute of Supervisory Management, United Kingdom
January 11, 2030 - March 16, 2026
Diploma in Civil Engineering at Singapore Polytechnic
January 11, 2030 - March 16, 2026

Qualifications

MSc IT (Business Information Systems)
January 11, 2030 - March 16, 2026
Bachelor of Engineering
January 11, 2030 - March 16, 2026
Postgraduate Diploma in Computer Science
January 11, 2030 - March 16, 2026
Diploma in Management Studies
January 11, 2030 - March 16, 2026
Diploma in Civil Engineering
January 11, 2030 - March 16, 2026
Digital Forensics Essentials (EC-Council)
January 11, 2030 - March 16, 2026
Certificate in Machine Learning (Stanford University, USA)
January 11, 2030 - March 16, 2026
Certificate in AI Robotics Engineering
January 11, 2030 - March 16, 2026

Industry Experience

Financial Services, Professional Services, Software & Internet, Government, Education

Skills

Experience Level