Darren is a Partner and the National Head of Cyber Security and Privacy Risk Services in Melbourne.
Darren has delivered security and privacy assessments across multiple countries for large multinational corporations, and locally for Australian based organisations in both the public and private sectors across all industries.
"I enjoy translating cyber security risks into business language, combining my deep technology risk knowledge with high-impact communications to c-suite and board levels."
He has worked on an extensive range of technology risk management projects including technical security assessments, governance and strategy, data privacy, third-party risk, cloud security assessments and risk strategy, cybersecurity, and much more.
Darren is also currently supporting the Consumer Data Right (CDR) accreditation for Open Banking and Open Energy applicants seeking unrestricted, sponsor/affiliate, or principal/representative agent access.
Residing in a little beach town in Mornington Peninsula, Darren loves spending his free time with his family and five children.
Prior to joining RSM, Darren worked for a global internal audit and risk consulting firm for over 12 years in London and Melbourne, where he led the Melbourne office’s IT internal audit, technology risk, and data analytics solutions.
SIGNIFICANT PROJECTS
RSM Australia recently completed the first CDR information security accreditation for a FinTech (non-ADI Open Banking) and Darren was the lead assurance practitioner for the independent assurance report (ASAE 3150). This involved assessing the design and implementation of controls for Part 1 and Part 2 of Schedule 2 in the CDR Rules.
- Led the General Data Protection Regulation (GDPR) and Australian Privacy Principles implementation project for an Australian headquartered international cosmetics retailer. The engagement was subsequently expanded to include a new POS risk assessment and a Payment Card Industry Data Security Standard (PCI DSS) advisory project.
- Performed a cyber security assessment of a diverse conglomerate, benchmarking against a matrix framework based on ISO27001, NIST Cyber Security Framework, Australian Government Essential Eight, and Centre for Internet Security (CIS) Top 18 Critical Security Controls
- Assessed the secure configuration of a Microsoft Azure and Amazon Web Services (AWS) multi-cloud environment, using the Cloud Security Alliance (CSA) guidance, CIS Benchmarks, and AWS Security Best Practices and Well Architected Framework.
- Spearheaded a vulnerability assessment and CREST accredited penetration test at a financial services organisation to assist with CPS 234 compliance.
- Evaluated compliance against the Victorian Protective Data Security Standard (VPDSS) and the Australian Government Information Security Manual (ISM), and developed a roadmap to compliance based on gaps identified and remediation of quick wins.
ASSOCIATIONS
- Professional Member of the Institute of Internal Auditors (IIA)
- Member of the Information Systems Audit and Control Association (ISACA)
QUALIFICATIONS
- Certified Information Systems Auditor (CISA)
- Certified Internal Auditor (CIA)
- Certified Data Privacy Solutions Engineer (CDPSE)
- Internal Audit Quality Assessment Reviewer
- Masters of Engineering and Management (University of Manchester)