Executive summary
Dasun is a Risk Advisory Services Director with BDO in Canberra. He is a management and technology consultant with more than 11 years of experience providing risk assurance, technology consulting, and IT audit services to public and private sector organisations. He is focused not only on supporting his clients to manage risks in a pragmatic way but also on enabling them to identify and pursue their strategic priorities through innovation and collaboration.
Dasun is particularly passionate about the management and governance of technology-related risks at government organisations. His experience spans a range of subject areas including cyber security, business resilience and disaster recovery, data, emerging technologies, and digital transformation. He is focused on helping government deliver the best possible outcomes by embracing technology opportunities with clarity and confidence.
Dasun also has experience providing technology risk services in the energy and finance sectors. He has worked with various organisations including energy service providers and large banks, where he has offered his expertise in critical infrastructure security and resilience, information security, and technology strategy.
Expertise
- Technology risk management and assurance services
- Technology audit and internal audit
- Governance, risk and controls
- Cyber security, information security and privacy advisory
- Business resilience advisory
- Data management and governance
- Program and project assurance
Experience
IT governance and risk management
- Federal government: Performed reviews at a range of departments and agencies focused on IT governance and risk management arrangements based on better practice such as ISACA’s COBIT framework and Axelos’ ITIL. Reviews ranged in focus from IT’s strategic alignment to organisational requirements and objectives, governance processes, IT operations, skills and capability management, organisational structures, principles, policies and frameworks, and information management
- Federal government: Performed reviews targeted towards significant IT risks, such as third-party and supply chain risks, operations management, business resilience and change management
- Energy and utilities: Leveraged extensive experience in cyber security and operational resilience to review critical infrastructure risk management programs and strategies for meeting the requirements of the Security of Critical Infrastructure Act 2018
- Finance: Performed reviews of identity and access management arrangements and vulnerability and patch management frameworks.
Cyber security
- Federal government, energy and utilities, and finance: Performed reviews focused on cyber security risks, including extensive reviews on the implementation of control strategies as required by the Australian Government Protective Security Policy Framework and Information Security Manual, Australian Signals Directorate’s Essential Eight and better practice such as ISO 27001:2022 Information Security Management. Reviews ranged in focus from specific control domains (such as network security, access management and change management) to security strategies and maturity assessments of agency security postures.
Business resilience and critical infrastructure risk management
- Federal government and finance: Performed desktop reviews, and developed and facilitated scenario-based workshops to test the business resilience arrangements of organisations
- Federal government: Developed key business resilience frameworks and artefacts including business impact analyses, entity-wide and divisional business continuity plans, supporting checklists and templates, disaster recovery plans, and incident and crisis management frameworks.
Technology projects, programs and related assurance
- Federal government: Performed a range of reviews to improve the management and governance of technology projects, with focus ranging from oversight and reporting, scope, schedule and budget management, to benefits management, stakeholder management, change management, IT change management, data management, security, and resource management
- Federal government: Managed teams embedded within large-scale IT transformation projects to deliver suites of assurance artefacts to support payment integrity. Assurance activities have included payment integrity testing, mapping of legislation and policy-based business rules and developing and maintaining risk and control matrices.
Data management and governance
- Federal government: Developed a data strategy for an organisational branch. This involved extensive analysis of the branch’s strategic priorities and operations, as well as engagement of a broad range of business and technology stakeholders to create a strategy that would enable the branch to achieve its objectives through a modern, efficient and data-driven approach
- Federal government: Developed a data, information and records management framework for IT transformation projects in alignment with relevant better practice and Australian Government requirements. This involved extensive analysis of the existing state of data, information and records management and mapping of relevant better practice and regulatory requirements. Technology tools and a supporting roadmap were designed for the organisation’s maturation of its IT project data, information and records management practices
- Federal government: Reviewed the data and information management framework of an organisational branch. Prior to the branch undergoing an operational transformation, reviewed its data and information management arrangements against better practice and Australian Government requirements to identify key areas of risk and improvement opportunities
- Federal government: Performed an extensive review on the organisation’s obligations as an Integrating Authority. The review focused on understanding data flows both internal and external to the organisation, as well as relevant security controls. Extensive detailed data flow maps were developed based on consultations with internal and external stakeholders, and a broad range of improvement opportunities were defined to support the organisation as it transitioned to its ‘target state’ as a data-enabled policy organisation
- Energy and utilities: Performed a detailed analysis of the organisation’s data management and governance arrangements based on the better practice guidance in the DAMA International Data Management Body of Knowledge.
Qualifications and affiliations
- Bachelor of Engineering (Honours)
- Bachelor of Commerce
- Certified Information Systems Auditor
- Member of ISACA
- Australian Government Security Clearance.