Derek Han
Principal, Cybersecurity and Privacy Leader
Derek is a Principal in the Advisory Cyber Risk Services Group. Derek has eighteen (18) years of professional experience in information security and IT risk consulting.
Chicago, Illinois
Industries
- Technology, media & telecommunications
Service Experience
- Advisory
Executive summary
Derek is a Principal in the Advisory Cyber Risk Services Group. Derek has eighteen (18) years of professional experience in information security and IT risk consulting, including information security program assessment and implementation, information security policies and standards, network security architecture, data protection and data privacy, IT risk management program and solution implementation, IT asset risk management program design and implementation, as well as Governance, Risk, and Compliance (GRC) solution design and implementation.
Derek has led or managed projects for over thirty clients across multiple industries, including financial services, airline and transportation, healthcare and life sciences, and consumer products. Many of his clients are Fortune 500 companies. He has led teams to assess, design, and implement information security and IT risk management solutions for complex client environments with global operations, and has years of working experience with client IT, information security, risk management, compliance, legal, internal audit, and business executives. He drove sales and business development activities and was responsible for developing and maintaining client relationships. He was also responsible for talent matters, including career development, team development, and staffing escalation. He led innovative solution development, including IT risk sensing solutions using advanced risk analytics and visualization, and IT asset risk management solutions that implement risk management disciplines in IT asset management programs. He served as the point of contact for key security software vendor alliances in the data protection and IT risk management fields.
He has deep knowledge of and experience with the NIST 800 series, the NIST Cybersecurity Framework, ISO 27001/27002, COBIT 5, ISACA Risk IT, FAIR (Factor Analysis of Information Risk), the FFIEC IT booklets, PCI DSS, GLBA security requirements, EU GDPR, Privacy Shield, as well as the HIPAA and HITECH rules.
Professional qualifications and memberships
- Certified Information Systems Security Professional (CISSP)
Education
- MA in MIS, University of Iowa (August 1998)
- MBA, Iowa State University (July 1997)
- Bachelor of Science, Beijing University of Aeronautics & Astronautics (May 1992)