Information &

Technology Risk


Cybersecurity &



  • Assessment of the information risks to people, processes, technology, and determining the likelihood and impact of the risk events, tolerance, and the threat environment

  • Audit the implementation, adequacy, and effectiveness of the security controls, existing safeguards and vulnerabilities,

  • Advisory to management on risk management matters, and as an independent reviewer to provide assurance on management’s capability and performance in risk management.


  • Creating organizational Cybersecurity awareness

  • Improving mechanisms for Authentication and Authorization

  • Strengthening End-Point protection (desktops, laptops, mobile devices, PDAs)

  • Conducting Penetration Tests

  • Improving Patch Management, Log Monitoring and Security Incident Response processes

Data Privacy & 


  • Establishing and implementing security-related policies

  • Overseeing regulatory compliance and ensuring data privacy

  • Establishing and overseeing the organization's security architecture

  • Supervising identity and access management

  • Establishing business continuity and disaster recovery

  • Conducting electronic discovery and digital forensic investigations