Nicholas F. Cheong is an accomplished lawyer, governance and risk consultant, and specialist trainer with over a decade of experience in in-house auditing and training, and 25 years of legal practice. His expertise spans privacy and data protection, information security management, governance, risk and compliance, as well as change management and agile methodologies. He has delivered training and consultancy services to a diverse range of clients including hospitals, manufacturers, service providers, advertising agencies, charities, societies, and sports associations.
Nicholas is recognised for his work in helping organisations design, implement, and maintain robust information security and data protection programmes. His professional portfolio includes conducting audits on ISO 27001:2022 information security management systems, advising on data governance structures, leading data protection impact assessments, and developing breach management and risk mitigation plans. He is also experienced in due diligence audits on HR systems, policies, and procedures, as well as delivering tailored awareness and change management programmes to secure organisational buy-in.
An experienced educator, Nicholas has served as a law lecturer for institutions such as the University of London, Monash College, and Temasek Polytechnic. He was among the first batch of PDPC-appointed PDPA trainers in 2014 and is an approved trainer for both the Fundamentals and Practitioner Certificates in Data Protection with the Singapore National Employers Federation, Temasek Polytechnic, SMU Academy, and Republic Polytechnic. His workshop delivery covers a wide range of areas including workplace misconduct investigations, bribery and corruption risk management, anti-money laundering, contract law, and specialised ISO standards training in information security and anti-bribery management systems.
Nicholas holds an LLB (Hons) from the National University of Singapore, is admitted as an Advocate and Solicitor in Singapore and a Solicitor in England and Wales, and is a Fellow of Information Privacy with the International Association of Privacy Professionals. His extensive professional qualifications include certifications in governance, risk and compliance (OCEG), artificial intelligence ethics (NTU/SCS/IMDA), cybersecurity, data analytics, UX design, agile leadership and coaching, physical security, and advanced training and assessment.
