Executive summary
Joseph is a Director in BDO’s Risk Advisory Services team in Melbourne, with deep expertise across cyber security and privacy risk. Joseph is passionate about driving value in lean security teams through innovation, automation and simplification. Joseph has extensive experience in professional services across the UK and Australia, complemented by significant industry experience managing complex security teams.
In his most recent role, he led the security assurance team for a major superannuation provider. Joseph brings deep knowledge of cyber security and is highly skilled in applying frameworks such as ISO27001, NIST CSF and Essential Eight.
Expertise
- Cyber and privacy risk management
- Information security management systems
- Incident management
- Training and awareness
- Third-party risk management
- Automation and AI in security processes
Experience
- Led the information security team at Australia’s largest superannuation provider, driving initiatives in control implementation, risk management, control assurance and automation. Oversaw key functions including access management, vulnerability management, penetration testing, third-party assurance, data loss prevention and controls testing
- Delivered ISO27001 certification audits and internal audit offerings, and supported organisations in achieving ISO27001 certification through tailored implementation strategies
- Conducted a strategic review for a major mining organisation to identify opportunities for automation and AI within its information security operations
- Delivered multiple NIST CSF assessments, including for a large Victorian Government department, culminating in a three-year strategic roadmap to uplift security capability
- Served as ASPAC Data Protection Officer for a global financial services organisation, leading a regional privacy maturity uplift to align with EU GDPR requirements
- Developed and implemented third-party security assurance frameworks for numerous organisations, including a managed service model for ongoing assessments
- Designed and executed a controls assurance program for a large superannuation provider, leveraging critical asset analysis to ensure governance and risk management practices were proportionate to risk exposure
- Performed numerous privacy audits and Privacy Impact Assessments (PIAs) for government departments and private entities
Qualifications and affiliations
- Certified Information Privacy Professional – Europe (CIPP/E)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technician (CIPT)
- Systems Security Certified Practitioner Certification (SSCP)
- ISO27001 Lead Auditor
Professional engagements and activities