Steven Yang, Deloitte Touche Tohmatsu LLC  Taiwan
Steven Yang
Senior Manager
Deloitte Touche Tohmatsu LLC Taiwan

Steven is a Cyber Strategy Manager at Deloitte, with over 4 years of proficiency in cybersecurity strategy and IT information risk management, specializing in Finance, Healthcare, and Manufacturing sectors. Steven's expertise encompasses:

  • Strengthening cybersecurity strategies and frameworks, e.g. FFIEC CAT (Cybersecurity Assessment), Zero Trust Maturity Model (ZTMM 2.0 fromCISA, DoD), NIST SP800-207, SP 800-53, and NIST Cybersecurity Framework (CSF v2.0 latest).
  • Ensuring industry compliance, e.g., FSC R.O.C, FISC, F-ISAC, TWSE and life insurance-related regulatory.
  • Implementing ISMS (ISO 27001:2022), ISO 27799:2016, PIMS (BS 10012:2017) and ISO 22301(BCMS).
  • Performing risk assessment and IT auditing, including TW and overseas audit (e.g., USA, Thailand, Singapore, and Hong Kong).

Steven: A Multifaceted Expert in Cybersecurity and Biomedical Innovation

Steven is a Cyber Strategy Manager at Deloitte Taiwan, bringing over four years of expertise in cybersecurity strategy and IT information risk management. His unique background blends cutting-edge technology with biomedical science, making him a versatile professional in today's complex digital landscape.

Educated at prestigious institutions in Taiwan, Steven holds a Master of Science in Biomedical Engineering from National Taiwan University (NTU) and a Bachelor of Science in Biomedical Science and Biotechnology from Chang Gung University. His academic focus on tissue engineering, biomaterials, and medical device design laid a strong foundation for his later work in healthcare-related sideproject and cybersecurity strategy.

At Deloitte, Steven leads strategic initiatives in the Cyber Strategy Group, specializing in digital identity solutions, ISMS Business Impact Analysis, and the implementation of ISMS (ISO/IEC 27001, 27799) and PIMS (ISO/IEC 27701/ BS 10012). His expertise spans across critical sectors including Finance, Healthcare, and Manufacturing.

Steven's proficiency extends to managing cybersecurity governance in compliance with MAS/HKMA standards, conducting ISMS/PIMS and ISO 22301 BCMS audits, and championing smart company programs. He has successfully managed over 70 projects since January 2021, demonstrating his exceptional project management skills.

A significant contributor to Deloitte's research and methodology development, Steven has authored over 30 methodologies, including cyber strategies blueprints, ESG maturity assessments, and global IT compliance frameworks. His work on Taiwan's inaugural digital identity law showcases his role in shaping the future of cybersecurity regulations.

Steven's expertise encompasses a wide range of cybersecurity frameworks and standards, including FFIEC CAT, Zero Trust Maturity Model (ZTMM 2.0), NIST guidelines, and various ISO standards. He is also skilled in cybersecurity incident response, having created and delivered table-top exercises, incident response plans, and playbooks.

Prior to his role at Deloitte, Steven co-founded Encorphin Healthcare Co. Ltd, a startup focused on healthcare education and innovative medical technologies. This entrepreneurial experience, combined with his time as a Consultant at PeopleSearch Taiwan Pte Ltd, where he excelled in healthcare talent acquisition, gives him a unique perspective on the intersection of healthcare, technology, and human resources.

Steven's technical skills are complemented by his language proficiency in English and Mandarin Chinese, as well as his certifications in various ISO standards and cybersecurity. His diverse background, rapid career progression, and significant contributions to both cybersecurity and healthcare sectors position him as a forward-thinking leader in the ever-evolving field of digital security and risk management.

mikehuang3334@gmail.com