Zhicheng Liu | Senior Security Executive · Industry Thought Leader
Executive Summary
A strategic security executive with over 20 years of experience in cybersecurity and IT governance, holding a distinguished track record of transforming security into a core business enabler and competitive advantage. As the Director of the Information Security Center at Lexin (NASDAQ: LX), I am entrusted with safeguarding the digital assets and privacy of 160+ million users. My expertise lies in architecting modern security governance frameworks that are deeply integrated with corporate objectives, with proven experience across cutting-edge domains including FinTech, Smart Cities, and Vehicle-to-Everything (V2X).
As a results-driven leader, I have successfully managed technical teams of over 100 professionals, delivering multiple national-level and large-scale enterprise security programs. Furthermore, as the OWASP Guangdong Regional Lead, inventor of over 40 technology patents, and a key contributor to numerous national/industry standards, I possess deep insights and recognized industry influence on emerging trends such as AI security and Continuous Threat Exposure Management (CTEM).
Core Competencies
| Domain | Expertise |
|---|---|
| Strategy & Governance | • Enterprise Security & Risk Management (ESRM) & Digital Ecosystem Risk Governance • Aligning Security Strategy with Business Objectives to Maximize Commercial Value • Data Security Governance & Global Compliance (ISO 27001/27701, PIPL, DPO) • Continuous Threat Exposure Management (CTEM) & Composable Security Architecture |
| Cutting-Edge Tech Security | • AI / Big Data Security Architecture & Risk Control • End-to-End IoT / Vehicle-to-Everything (V2X) Security Solutions • Cloud-Native Security & DevSecOps Framework Implementation • Blockchain Integration & Trusted Identity Management |
| Operations & Cyber Defense | • Threat Intelligence-Driven Proactive Defense & Situational Awareness Systems • Next-Generation Security Operations Center (SOC) & Incident Response (SIEM/SOAR) • Secure Development Lifecycle (SDLC) & Supply Chain Security • Adaptive Identity Fabric & Zero Trust Implementation |
| Leadership & Influence | • Management, Motivation, and Mentorship of 100+ Member Cross-Functional Technical Teams • Board of Directors & C-Level Communication and Reporting • National and Industry Standard Development and Promotion • Top-Tier Community Leadership (OWASP) & Building Industry-Academia-Research Ecosystems |
Professional Experience
Dec 2019 – Present | Lexin (NASDAQ: LX) | Director, Information Security Center
As the group's head of security, I lead a 52-member information security team to build a world-class security posture for the group's 160 million users' financial and data assets within a stringent financial regulatory environment.
Key Achievements & Business Impact:
- Architected a Business-Driven Security Framework: Spearheaded the design and implementation of the group's top-level information security strategy, establishing a "four-in-one" integrated protection platform covering Application, Data, Business, and AI security, thereby transforming security capabilities into a core competitive advantage.
- Enabled Extreme Risk Control & Business Growth: Drove the upgrade of the "Qidian AI" intelligent risk control system, deploying over 60,000 risk rules and reducing risk decision latency to 1.2 milliseconds. This initiative not only slashed the group's fraud rate by 90% YoY but also optimized the user portfolio, increasing the GMV contribution from premium users from 72% to 82%, directly enabling the company's 14.2 billion RMB annual revenue and 1.1 billion RMB net profit.
- Achieved Premier International Compliance Standards: Led the team to secure ISO/IEC 27001 and ISO/IEC 27701 international certifications, establishing a solid foundation of trust and compliance for the group's global business expansion.
- Pioneered Industry Ecosystem Collaboration: Represented the company in signing a strategic partnership with industry leaders like Qi An Xin to co-develop FinTech data supply chain security solutions, solidifying Lexin's technology leadership position.
Apr 2018 – Oct 2019 | Gosuncn Technology Group (SZSE: 300098) | Chief Information Security Expert
As the group's first Chief Security Expert, I was mandated to build the corporate security function from the ground up and design forward-looking security architectures for the core Smart City and V2X business units, leading a 64-member security and IT team.
Key Achievements & Business Impact:
- Established Group's Security Foundation: Built the entire corporate security system from "0 to 1" within one year, deploying a Zero Trust-based R&D security domain and a threat intelligence-integrated SOC platform. This secured the company's 356 million RMB annual R&D investment and its 2,300+ intellectual properties.
- Led the Market Through Standardization: Collaborated with authoritative bodies including the Ministry of Public Security and the National ICV Innovation Center (CICV) to drive the formulation of security standards for intelligent connected vehicles and smart cities. This strategic move enabled the company to win nearly 20 city-level automotive electronic identification projects, establishing market access and a technical advantage.
- Empowered Nationwide Expansion of Core Business: The security solutions architected were instrumental in supporting the successful deployment of over 500 Smart City projects across 23 provinces and 300+ cities. The AR-based stereoscopic cloud defense platform was adopted in over 100 cities, becoming a key engine for business growth.
Dec 2008 – Apr 2018 | Aspire Technologies (A China Mobile Company) | Director, Security Business Dept. / Chief Security Expert
During the critical decade of China Mobile's payment business growth from inception to explosion (358 million users, 9.31 trillion RMB annual transaction volume), I led a 102-member security business team, safeguarding China Mobile's core operations.
Key Achievements & Business Impact:
- Secured a Trillion-RMB Payment Business: Innovatively designed core security solutions such as application-affiliated signatures and dynamic key management, fundamentally solving critical security challenges in mobile payment copyright and billing. This provided an indispensable security guarantee for China Mobile's competitiveness in the trillion-RMB market.
- Directed a National-Level Security Project: Led the end-to-end solution design and core system development for the State Post Bureau of China's national real-name registration system for parcel delivery, making a critical contribution to national logistics information security.
- Built a Mobile Application Security Ecosystem: Spearheaded the construction of China Mobile's terminal application certification platform, providing full-lifecycle security services for hundreds of millions of mobile terminals, with a profound and lasting impact.
Flagship Project Highlights
National Real-Name Supervision Platform for Express Delivery, State Post Bureau of China
- Challenge: In response to a national security mandate, build a nationwide real-name supervision platform from scratch to cover hundreds of courier companies and support hundreds of millions of users. The core challenges were to address non-transparent identities, difficult package traceability, and the lack of effective risk-warning capabilities.
- My Role: As Technical Director & Chief Architect, I was fully responsible for the top-level design, technical blueprint, and core technology development of this national-level platform, translating high-level policy mandates into a highly reliable and feasible technical implementation.
- Business Outcome: Successfully architected a national core system supporting 1+ billion users and processing 150+ million orders daily. The platform passed the National Information Security Level 3 Protection assessment (MLPS Level 3) and achieved second-level response times for complex, multi-conditional queries and analytics across petabyte-scale historical data. This project became a benchmark for national critical information infrastructure.
Technical Patents & Standards Contributions
- Invention Patents: As the Sole or First Inventor, I have filed/been granted over 40 invention patents in key areas such as mobile payments, identity authentication, blockchain integration, and data tamper-proofing. (Representative Patent Nos: 201510633498.X, 201610173969.8)
- Standards Development:
- Deeply involved in drafting the "12th Five-Year Plan for the Electronic Signature and Certification Service Industry" for the Ministry of Industry and Information Technology (MIIT).
- As Chief Expert, collaborated with the Ministry of Public Security, the National ICV Innovation Center (CICV), and the China Society of Automotive Engineers (China-SAE) to promote security standards for intelligent connected vehicles and smart cities.
- Participated in the "Personal Information Protection Compliance Audit Promotion Group" at the China Academy of Information and Communications Technology (CAICT) to advance industry data security standards.
Community Leadership & Industry Recognition
- OWASP Guangdong Regional Lead (2022-2024):
- Successfully organized the OWASP China Security Technology Forum for multiple consecutive years, focusing on cutting-edge topics like AI large models and digital ecosystem security. Each event attracted nearly 100 industry experts, significantly elevating the level and influence of security technology exchange in Southern China.
- Industry Awards & Expert Appointments:
- Recipient of multiple top industry honors, including "Top 10 Most Influential CSOs in the Greater Bay Area," "Outstanding CSO of the Year," and the "Top 10 Super CSO Award."
- Serve as a specially appointed expert for several renowned platforms, including SecJoin, Security- 牛, and FreeBuff, continuously sharing forward-looking industry insights.
Education Background
- Doctor of Business Administration (DBA) in Financial Management | Neoma Business School | Mar 2020 – Feb 2024
- Master of Science in Finance | Indiana University | Sep 2018 – Jul 2020
- Master of Business Administration (MBA) | The Hong Kong Polytechnic University | Sep 2012 – Jul 2014
- Master of Science (MSc) in Software Technology | The Hong Kong Polytechnic University | Sep 2007 – Jul 2009
- Bachelor of Science (BS) in Computer Science and Technology | Central South University | Sep 2003 – Dec 2005
贡献者
pansin