We do not just advise. We deliver.
Every engagement is led by practitioners who have held the roles our clients operate in - across all three lines of defence, in some of the most complex regulated environments globally.
Four consulting practices. One delivery standard.
Enterprise & Operational Risk
End-to-end enterprise risk management - from strategy and policy design through to maturity assessment, risk appetite, and ongoing governance.
Cyber & Technology Risk
Full-spectrum cyber and technology risk services - from board-level risk management and third-party cyber oversight through to technical assurance and managed security.
Data & AI Governance
From standing up your AI governance program through to ISO 42001 certification readiness, risk framework design, and regulatory impact assessment. Led by an ISO 42001 Lead Auditor.
GRC Tool Selection & Implementation
Full six-module GRC lifecycle coverage - from independent product selection across 180+ vendors through to long-term value measurement. Tool-agnostic.
Deep experience across regulated industries.
Three ways to engage.
Short-term, scoped engagements
Defined deliverables, outcome-priced. Typically 4–12 weeks. Risk appetite frameworks, maturity assessments, GRC selection, AI governance readiness, cyber reviews.
Long-term, integrated into your team
Practitioner works inside your organisation, reporting to your leadership. Typically 3–12 months. GRC implementations, transformation programs, capability uplift.
Part-time CRO, CISO, or Head of Risk
Senior practitioner operating as a fractional risk or cyber leader - board reporting, committee support, team coaching, strategic direction. Ongoing retainer.
Start with a conversation.
Whether you are evaluating GRC platforms, assessing your risk maturity, navigating AI governance, or looking for a practitioner who has done the work - we respond within one business day.