Our cybersecurity and privacy teams have extensive experience in developing, implementing, and managing risk management programmes. The aim is to identify risks; monitor, manage, and remediate them; and – based on the organisation’s risk appetite and risk tolerance – properly determine what risks are acceptable.

We help establish strong governance through policies and procedures that adhere to legal and regulatory requirements, and the defined objectives of your organisation. Additionally, our team can establish and support compliance functions that will validate those controls, ensuring that policies and procedures are effective and efficient.

  • Programme Governance and Business Risk Assessments regarding cybersecurity and privacy – Crown jewels, threat actors, risk exposure, potential impacts, and risk tolerance (financial, business outage, legal, regulatory, and reputational)
  • Cybersecurity & Privacy Controls Maturity Assessments – utilising industry frameworks such as NIST, SANS, COBIT, ISO, etc.
  • Regulatory requirements that include, but are not limited to:
    • US Department of Defense Cybersecurity Maturity Model Certification – CMMC
    • New York State Department of Financial Services – NYDFS
    • Securities and Exchange Commission – SEC
    • European Banking Authority – EBA
    • Financial Conduct Authority – FCA
    • EU General Data Protection Regulation – GDPR
    • California Consumer Privacy Act – CCPA
    • Health Insurance Portability and Accountability Act – HIPAA
  • Penetration testing
  • Vulnerability scanning
  • Assessment recommendations – e.g. budgeting, risk management, policies and procedures, control testing and validation, etc.
  • Strategic planning such as roadmap prioritisation and implementation; recommendations and solution implementation
  • Board and leadership reporting
  • Ongoing risk management oversight – identification, remediation, and acceptance
  • Ongoing programme support for compliance and regulatory requirements
  • Aviation safety management systems
  • Expert witness and testimony