Return to Event page.

Luke Ma

Partner, Cybersecurity, Risk Advisory,


Luke is the Partner of Cyber Risk Services of Deloitte China. Covering Southern China, he is information security and risk management professional with more than 20 years experiences in a global financial institution, telecommunications and global professional services firm.

He specializes in Cybersecurity, technology risk management, IT audit, data protection and privacy over a diverse industries, including financial services, public sector, retail, eCommerce and large scale conglomerates.

Professional skills and experience

  • Manages various security consulting engagement including Governance Risk and Compliance, security technology integration, information security consulting, attack and penetration testing, technology compliance consulting and assessments (HKMA / SFCHK / CBRC / CSRC / MAS / PDPO), digital forensics and etc.
  • Led and managed Cybersecurity consultancy / assessments on more than 20 banks in Hong Kong, China, Taiwan, Singapore and USA.
  • Led various policies and procedures review as well as security vulnerability assessments / penetration testing / source code review of the internet banking system by utilizing vulnerability assessment or penetration testing techniques. Performed gaps analysis of the internet banking system environment against the regulators’ requirements (such as HKMA, SFC, CBRC and etc). Assess the impact and likelihood of the risk areas and provide cost-effective recommendations to clients.
  • Planned, led and conducted privacy compliance assessment / privacy impact analysis in both public and private sectors in accordance with Personal Data (Privacy) Ordinance of Hong Kong (“PDPO”).
  • Manages quality assurance process to ensure client deliverables align with the firm’s policies and standards.
  • Developed internal methodologies, standards, tools, and templates
  • Led and conducted Risk-based Control Self-Assessment on Technology Risk and Third Party Risk perspectives.
  • Developed management reports to the senior management in order to present the Key Risk Indicators on business and technology outsourcing.

Areas of competencies

  • Cyber Governance, Risk and Compliance
  • Technology Risk Management
  • Vendor Risk Management
  • Regulatory Services
  • Process Improvement & Standardization

Representative clients

  • One of the largest retail banking groups in Asia
  • Global conglomerate with headquarter in Hong Kong
  • Regional electricity company with headquarter in Hong Kong
  • One of the largest luxury product groups in the world