Ai-Kao Chang

Burnaby, Canada

Summary

Information Security leader with over 15 years of experience in Governance, Risk, and Compliance (GRC), cybersecurity strategy, and IT risk management. Expertise in developing and executing enterprise-wide GRC frameworks, managing SOX IT and PCI-DSS compliance programs, and enhancing security awareness initiatives. Strong ability to align security compliance with regulatory standards including NIST, PCI-DSS, and ISO. Focused on fostering a culture of shared security responsibility and delivering value through a risk-based approach to GRC.

Overview

20 years of professional experience
1 Certification

Work History

Principal Security Architect

West Fraser
Vancouver, Canada
04.2024 - Current
  • Company Overview: One of the largest lumber producers in North America.
  • Lead the design and operationalization of the GRC and cybersecurity awareness programs for one of the largest lumber producers in North America.
  • Built and matured an enterprise-wide risk management framework that integrates people, processes, and technology to identify, prioritize, and mitigate cybersecurity risks.
  • Established and operationalized the SOX IT Compliance program, including framework design, control testing, control owner training, and audit engagement.
  • Developed and executed a dynamic security awareness strategy focused on phishing, policy adherence, and behavior change.
  • Oversaw the creation of a formal vulnerability management program to systematically identify and remediate security risks.
  • Led initiatives to enhance cybersecurity awareness among employees and stakeholders.
  • Conducted risk assessments to identify vulnerabilities in information systems.
  • Collaborated with cross-functional teams to enforce security policies and standards.

Senior Manager, Enterprise Risk & Compliance

Best Buy Canada
Vancouver, Canada
02.2021 - 03.2024
  • Directed SOX IT compliance programs across the enterprise for US and Canada.
  • Partnered with Internal, External Audit and SOX PMO teams to maintain continuous compliance readiness.
  • Led risk assessments of infrastructure and applications, identifying and addressing key cybersecurity and operational risks.
  • Ensured compliance with applicable laws, regulations, policies, and procedures across all business units.

Senior Specialist – Enterprise Information Protection

Best Buy Canada
Vancouver, Canada
08.2016 - 05.2021
  • Conducted ITGC testing and risk assessments for critical applications, ensuring compliance with SOX and internal policies.
  • Served as the liaison between Internal Audit and IT teams, fostering collaboration for sustainable remediation strategies.
  • Led annual security awareness campaigns, driving measurable improvement in employee security practices.

Manager, Enterprise Risk & Compliance

Best Buy Canada
Vancouver, Canada
05.2018 - 02.2021
  • Directed SOX IT and PCI-DSS compliance programs across Canadian operations, aligning security controls with enterprise risk frameworks.
  • Partnered with Internal and External Audit teams to maintain continuous compliance readiness.
  • Led risk assessments of infrastructure and applications, identifying and addressing key cybersecurity and operational risks.
  • Designed and delivered enterprise-wide security awareness programs to promote compliance and reduce human risk factors.
  • Oversaw patch and vulnerability remediation processes to ensure timely risk mitigation.

Senior Internal Auditor

Best Buy Canada
Vancouver, Canada
10.2014 - 08.2016
  • Led audits of IT systems and business processes, advising leadership on risk mitigation and control improvements.
  • Provided control design recommendations during system implementations to ensure alignment with compliance requirements.
  • Conducted risk assessments to identify internal control weaknesses.
  • Developed audit plans to ensure compliance with corporate policies.
  • Collaborated with departments to improve operational efficiency and effectiveness.

Senior Advisor, Business Risk Services

Grant Thornton LLP
Vancouver, Canada
03.2013 - 10.2014
  • Delivered GRC advisory services to public and private clients, conducting ITGC reviews and risk assessments aligned with COBIT and NIST frameworks.
  • Supported clients with ERP implementation risk assessments and business impact analyses (BIAs).

Application Support Analyst

Telus Health
Vancouver, Canada
12.2011 - 03.2013
  • Supported over 300 clinics across BC and Alberta with access management, application troubleshooting, and incident response.

Information Security & Risk Analyst / Quality Assurance Specialist

HSBC Bank Canada
Vancouver, Canada
01.2006 - 01.2011
  • Led SOX audit support and access administration for critical banking systems.
  • Participated in North American governance initiatives to improve compliance and service delivery.

Education

B.GS -

Simon Fraser University
Burnaby, BC

Masters Certificate - Project Management

The George Washington University

Skills

  • GRC Strategy & Frameworks
  • SOX IT & PCI-DSS Compliance
  • Security Awareness & Culture
  • Cybersecurity Risk Assessments
  • Disaster Recovery & Incident Response
  • Policy & Standards Development
  • Audit & Regulatory Engagement (SOX, NIST)
  • Leadership & Team Development
  • Policy development

Certification

  • GIAC Strategic Planning, Policy, and Leadership (GSTRT)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CDPSE (Certified Data Privacy Solutions Engineer)
  • PCI Professional (PCIP)
  • Microsoft Azure Fundamentals

Languages

  • English, Fluent
  • Cantonese, Fluent
