Luke Eason

Partner, Risk Advisory Services

Executive summary 

Luke leads BDO’s Risk Advisory Services in Melbourne. He is a seasoned professional with experience delivering risk advisory and assurance services in Australia and the UK. Prior to joining BDO in 2025, he had a 25-year career with another global professional services firm where his most recent role was co-leader of its national Technology Risk and Cyber practice in Australia.

Luke has worked with many domestic and multi-national clients to design and deliver internal audit, enterprise risk, cyber security and IT audit/risk services. He excels in providing pragmatic and timely input on complex risk and technology issues for Executive and Board-level stakeholders. 

Luke’s sector expertise includes power and utilities, telecommunications, manufacturing, retail, and transport and logistics.

Luke has worked with a significant number of clients across a range of industries to help them prepare for compliance with the Australian Government’s Security of Critical Infrastructure (“SOCI”) Act. He is also experienced in considering risk, technology, and cyber issues in the context of transactions, both buy-side and sell-side.

Expertise 

  • Internal audit 
  • IT audit and assurance 
  • Cyber security 
  • Business continuity 
  • Enterprise risk management 
  • Security of Critical Infrastructure Act 2018 

Experience 

  • Leading the delivery of internal audit services to large, multinational, listed organisations and their equivalents. This has included the full internal audit life cycle, from development of the IA charter and strategy through annual planning, plan execution, and audit committee reporting and presentation. These plans have typically included a full range of specialist services (e.g. IT, cyber, treasury, program assurance).
  • Deep experience of leading the delivery of IT and cyber security services across a range of large clients. These have included technical security testing, SecOps, maturity assessments, security roadmap development, system resilience/recovery, and identity management.  
  • Partnering with internal cyber teams to provide independent assurance to executive stakeholders and the Board on the progress of cyber remediation and uplift programs. 
  • Definition and execution of third-party risk management programs, including defining policy, risk tiering, information requirements, information gathering, and assessing overall risk management/compliance outcomes.  
  • Leading cyber security risk management programs for critical infrastructure entities, including the definition of strategy, the definition of standards, and many aspects of risk identification and treatment. 
  • Working with major Australian entities to achieve compliance with the amended SOCI Act. This included program initiation and structure, undertaking asset level risk assessments, developing Critical Infrastructure Risk Management Plans, and performing independent assurance over SOCI compliance programs prior to Board submission to the Cyber and Infrastructure Security Centre.

Qualifications and affiliations 

  • LLB (Hons) Law 
  • MSs, Internal Audit & Management 
  • Member, CA ANZ