Hellen Thomas

Executive summary

Hellen Thomas is a Risk Advisory Services Partner with BDO in Canberra. With more than 25 years’ experience in driving strategic growth and addressing complex needs, Hellen is passionate about building trusted relationships and providing innovative approaches for her clients. 

Hellen has extensive professional consulting expertise in governance and risk management, policy and programs, projects and business resilience. She has a particular focus on cyber security, information security, data governance and privacy, technology and digital transformation, emerging technology and business continuity and resilience.

Over the course of her career, Hellen has delivered professional services across the government and public sector, financial institutions, higher education and energy and utilities sectors.

Expertise

• Technology risk management and assurance services
• Technology audit and internal audit services
• Governance, risk and controls services
• Cyber security, information security and privacy advisory
• Business resilience advisory
• Data governance
• Program and project assurance.

Experience

• Cyber security advisory services: Led the delivery of cyber security advisory and assurance engagements across numerous public sector agencies to include cyber maturity assessments, cyber strategy development, cyber governance, risk and compliance, cyber program design, planning, and implementation advisory, cyber resilience planning and testing, third party risk management.
• Data governance and privacy advisory services: Advising clients in the domains of data strategy, data governance and data management (using frameworks such as DMBoK), data security and data privacy frameworks (Privacy Act, ISM, PSPF and ISO requirements) and data release frameworks.
• Program and IT projects advisory: Advising government clients on large information and communications technology (ICT) transformation projects, to include Governance, Risk and Compliance (GRC) consulting, project assurance and project recovery advisory.
• Resilience, crisis planning, IT disaster recovery planning and business continuity management: Led projects in designing and implementing resilience frameworks, policies and programs, and structures.
• GRC and internal audit and assurance advisory services: Assisting government policy, program and projects, and enabling function areas with GRC and assurance advisory services across grant programs, finance function, people and resources, procurement and contracting, crisis and continuity management and risk management.
• Program and project consulting reviews: Led the delivery of program and project consulting reviews, with a focus on technology related projects, to include project health checks, ‘inflight’ live assurance during program and project delivery to executive and boards, and portfolio, program and project assurances aligning with Digital Transformation Agency requirements for significant transformation programs and projects.
• Assurance programs and mapping: Led the development of risk-based assurance frameworks and plans, including assurance mapping activities, and the overall implementation of the assurance program of work for government agencies.
• Live assurance: Led ‘live assurance’ services to key frontline agencies, during the global pandemic, including the Department of Health and Ageing. Hellen led the delivery of real-time risk and assurance advisory services to front-line agency executive management, as they rolled out Australian Government emergency policy programs and measures in response to the pandemic.

Qualifications and affiliations

• Bachelor of Information Technology
• Bachelor of Business
• Member of Information Systems, Audit and Controls Association
• Member of the Institute of Internal Auditors.