C-Suite Risk Rigour,
AI-Accelerated.
Don't hire a team. Access 23+ years of enterprise-grade risk and regulatory compliance leadership, amplified by my proprietary CogniRisk engine to deliver weeks of analysis in hours. Serving companies across Australia, New Zealand, and Southeast Asia with deep risk and regulatory compliance expertise.
For too long, the industry has accepted that the only way to generate risk and compliance insights is to hire people. Not anymore...
The Intelligence Paradigm
We can now compress months of discovery into hours without sacrificing a single ounce of rigour.
The Speed Paradigm
I didn't build CogniRisk to replace experts. I built it to free companies from analysis paralysis so they can get on with taking action.
Expert Augmentation
This isn't an experiment. It is the only way forward for companies that want to survive and compete in an AI-accelerated world.
The Point of No Return
The complexity of interconnected systems and data has grown exponentially, but human intelligence and capability have remained the same.
The Human Burden
Adding a chatbot to a messy GRC platform doesn't fix the mess. Your data needs to be fundamentally reviewed and uplifted.
The Platform Problem
What we call 'current methods' are actually the 'old ways of working.' Once you see the future, you can't go back.
The New Standard
Closing the gap between Enterprise Rigour and Scale-Up Speed.
After 23 years at institutions like ANZ and Barclays, I saw a widening divide. Global banks had deep expertise and resources. Start-ups and scale-ups were agile and hungry, but time-poor and resource-constrained. The mid-market was stuck in the middle—drowning in manual complexity.
I built CogniRisk to bridge this gap. For the fast-moving founder across Australia, New Zealand, and Southeast Asia, it means getting foundational risk and compliance baselines ready without slowing product momentum. For the mid-market executive, it brings "big bank" rigour without the bureaucracy—especially critical for regulated entities and companies navigating complex regulatory environments.
I replace inconsistent manual analysis with a robust, repeatable AI-backed workflow in hours instead of months. I bring the strategic clarity of a global firm partner, delivered at the speed of a startup.
THE ENGINE
See CogniRisk in Motion
See how I use CogniRisk—the workflow that turns weeks of manual risk work into hours.
Board-Grade Outputs
Executive summaries, obligations maps, and control coverage snapshots ready for your board pack.
AI + Human Validation
Autonomous agents generate the analysis, I validate the context before you see it.
Start with an Engagement
CogniRisk is not client-facing—you receive the executive risk & compliance report once you purchase an engagement.
My engine. Your efficiency.
CogniRisk compresses the work of an analyst team from weeks to hours. You don't manage another SaaS layer—you receive board-grade outputs.
Speed & Efficiency
Actual time savings vary by scope and complexity.
Why it’s different
Every engagement pairs CogniRisk automation with my leadership. Here's how it differs from traditional consulting.
Transparent engagement paths.
Whether you're a scale-up needing a foundation or a mid-market firm needing an uplift, I have a tailored engagement model.
Start-Ups & Scale-Ups
Compliance for Growth
Establish your baseline risk and compliance posture beyond just InfoSec. I handle the ongoing maintenance of your SOC 2 & ISO 27001 programs for Australian and New Zealand companies so you can focus on product.
- Baseline Risk & Compliance Assessment
- SOC 2 / ISO 27001 Program Maintenance
- Vendor Risk Vetting Sprint
Regulated Mid-Market
Risk Rigour for Scrutiny
Strategic leadership and AI-accelerated rigour for complex regulatory mandates. Validate Risk Appetite and optimise coverage for regulated companies across Australia, New Zealand, and Southeast Asia.
- Enterprise GRC Framework Uplift
- Board-Ready RAS & Metrics
- Control Rationalisation (95% faster)
- Risk Appetite Setting & Stress Tests
Enterprise Fractional
Embedded Risk/Compliance Leadership
Embed a fractional CRO/CCO into your organisation, delivering immediate and reliable impact — accelerated with AI.
- Experienced risk/compliance leader
- Exec/board reporting rhythm
- Outsource repetitive work
- Execute planned uplift using AI
APRA Prudential Standards
Deep expertise across key APRA prudential standards for risk management, recovery and resolution, and operational resilience.
CPS 190
APRA: Recovery and Exit Planning
Recovery planning and exit planning for financial institutions.
CPS 220
APRA: Risk Management
Enterprise risk management framework, risk appetite, and board risk governance.
CPS 230
APRA: Operational Risk Management
Operational risk framework, risk identification, assessment, and mitigation.
CPS 234
APRA: Information Security
Information security framework, cybersecurity risk, and data protection.
CPS 900
APRA: Resolution Planning
Resolution planning and operational continuity in resolution (OCIR) readiness.
Available Fractional Risk & Compliance Roles
Comprehensive fractional leadership and specialist roles. Ideal for companies needing experienced expertise without full-time overhead.
All roles leverage AI-accelerated delivery to execute tasks typically requiring multiple FTEs.
Fractional CRO
Chief Risk Officer oversight for enterprise risk management, risk appetite, and board-level risk governance.
Key Tasks & Responsibilities
- Enterprise risk framework development and uplift
- Risk appetite statement and metrics
- Board and executive risk reporting
- Risk committee support
- Regulatory risk management (APRA CPS 220, CPS 230)
- Operational risk management
- Stress testing and scenario analysis
Fractional CCO
Chief Compliance Officer leadership for regulatory compliance programs and regulatory liaison.
Key Tasks & Responsibilities
- Compliance framework design and implementation
- Regulatory gap analysis and remediation
- APRA compliance (CPS 190, CPS 220, CPS 230, CPS 234, CPS 900)
- Regulatory change management
- Compliance monitoring and testing
- Regulatory reporting and submissions
- Compliance training and awareness
Fractional Vendor Risk Manager
Third-party risk management including vendor assessments, due diligence, and ongoing monitoring.
Key Tasks & Responsibilities
- Vendor risk assessment framework
- Due diligence and onboarding reviews
- APRA CPS 230 (Operational Risk Management) compliance
- Vendor risk monitoring and reporting
- Contract risk review
- Vendor incident management
- Vendor risk metrics and dashboards
Fractional Assurance Manager
Internal assurance, control testing, and compliance validation programs.
Key Tasks & Responsibilities
- Assurance framework design
- Control testing and validation
- Compliance testing programs
- Internal audit coordination
- Issue management and remediation tracking
- Assurance reporting to management and board
- Quality assurance over risk and compliance activities
1st Line Risk Support
Embedded risk management support for business units, operational risk, and day-to-day risk activities.
Key Tasks & Responsibilities
- Operational risk identification and assessment
- Risk register maintenance
- Control design and implementation
- Risk event management
- Business continuity planning (APRA CPS 230)
- Process risk assessments
- Risk training for business teams
2nd Line Risk Oversight
Independent risk oversight, challenge, and governance from the second line of defence.
Key Tasks & Responsibilities
- Risk framework oversight and challenge
- Risk appetite monitoring and reporting
- Policy and standard development
- Risk governance and committee support
- Regulatory compliance oversight
- Risk culture and capability uplift
- Independent risk assessment and validation
Contract Work Opportunities
I'm open to contract assignments for risk and compliance roles, subject to availability and concurrent client commitments. Whether you need a fractional CRO for a 6-month project, a contract Vendor Risk Manager, or ongoing fractional support, I deliver enterprise-grade expertise with AI-accelerated efficiency.
Core competencies
What 23+ years delivers
Risk and compliance are inseparable disciplines. Here are the levers I pull most often to keep founders, boards, and investors ahead of regulatory scrutiny.
Transparent Engagement Models.
Find the right package. Buy your first output. No hidden fees, no endless hourly billing—just fixed-outcome diagnostics and clear fractional retainers.
Start-Up Engagement
Perfect for Start-ups and Scale-ups needing a rapid risk and compliance posture check.
- 1-Hour Strategic Consultation
- CogniRisk™ Report (Public Profile)
- Rapid Posture Assessment
Regulatory Readiness
Comprehensive session to set risk appetite levels and determine inherent risk impacts.
- 2-Hour Strategic Consultation
- Set Risk Appetite Levels
- Set Inherent Risk Impacts
- CogniRisk™ Report (Enhanced Profile)
Enterprise Fractional
True fractional risk & compliance leadership on retainer. Monthly billing for 12 months.
- Embedded risk/compliance leader
- Delivery of agreed set of activities
- Work with your data and systems
- Custom reports and outputs
Fractional Work & Retainers
For ongoing execution after the diagnostic phase.
Fractional Block
$365 / 2-hour block
Ad-hoc support, specific projects, and targeted analysis.
Executive Retainer
$1,650 / month (10 hrs)
12-month commitment with monthly billing. Ongoing risk and compliance oversight. Extra blocks @ $350. Bespoke engagements available—contact to discuss.
Cancellation: 30 days before next monthly anniversary payment.
Booking: All consultations are booked via Calendly after payment.
Office Hours: AEST/AEDT (Australian Eastern Time).
Bio
Who you’re working with
23+ years across ANZ, 1835i, Barclays, and Visa Europe—paired with CogniRisk so founders and boards get enterprise-grade risk and compliance outcomes without enterprise drag.
Curiosity is my operating system.
I've spent my career running toward problems without playbooks. From ANZ to Barclays to launching Automated Compliance Partners, I seek ambiguity because that's where breakthroughs hide.
Outcome-obsessed, process-optimised.
I respect governance but avoid bureaucracy. No stand-ups, no ticket queues—just disciplined diagnostics, board-grade storytelling, and parallel delivery across risk and compliance.
AI isn't a buzzword—it's my team.
CogniRisk orchestrates AI and LLM agents that harvest obligations, map controls, and pressure-test appetites while I stay accountable for validation. It's enterprise assurance at founder speed.
Still climbing—and that's the point.
I went deep on AI/LLMs, spent sleepless nights taming the tech, and pushed until the platform met my standards. There's always more to learn, but after seeing what's possible, there's no going back.
“I build deep partnerships because I care about the people behind the work and their stories. I'm grateful to every founder and operator—especially early believers like Katana1—who trusted me with fractional mandates. Outside work, I'm still that restless tinkerer: learning new tools, trying to raise well-adjusted kids, and keeping humility at the centre of it all.”
Track Record
Milestones
Group Operational Risk & Compliance
Led enterprise-wide risk and compliance uplift, embedding regulatory mandates and translating appetite into operating rhythms.
Head of Risk
Built ANZ's non-bank risk management framework—policies, controls, assurance approach, and consistent systems.
Global Change Leadership
Drove Hard Brexit readiness and the holding-company restructure, ensuring continuity across regulators and jurisdictions.
Regulatory Change Delivery
Partnered with global stakeholders to ensure commercial operations complied with new regulation.
FAQ
Got Questions?
Answers based on how I work with founders, scale-ups, investors, and regulated companies. Have a specific requirement or wondering if CogniRisk can handle your use case? Ask away if you can't see your question here.
What exactly is CogniRisk?
CogniRisk is my proprietary AI-first platform that builds a company profile from public information, orchestrates a network of autonomous agents, and compresses weeks of risk and compliance analysis into hours. It's not a tool you learn—it's the infrastructure I use to deliver board-grade outputs.
Can CogniRisk handle specific tasks or custom requirements?
CogniRisk is designed for detailed, repetitive tasks with large data requirements. For standard risk and compliance assessments, I provide a CogniRisk report as a quick start. For complex or bespoke requirements, I adapt CogniRisk using AI co-pilots to build custom analysis tools tailored to your needs. This bespoke approach is available as a premium service, ensuring you receive exactly what you need—whether leveraging existing CogniRisk capabilities or custom solutions.
Do I or my team get access to the platform?
No—the platform is for my delivery workflow only. You engage me, I run the engine, and you receive the output with executive-level advice. That keeps the experience simple for you while ensuring quality control.
Can you work with our internal data?
Yes. CogniRisk starts with public information but can ingest files, interview notes, control inventories, and risk appetite statements. I can also export structured data back into your GRC platform so everything stays interoperable.
How do you keep client information secure?
CogniRisk runs on hardened infrastructure (Supabase, Vercel, Google Cloud, Cursor). I enforce MFA everywhere, limit access to myself, and keep client artefacts inside those environments. No data leaves the secured workspace without explicit approval.
What other AI/LLM tools do you use?
I'm constantly experimenting with new models and tools to bring about the best outcome for my needs and the needs of my clients.
How can I pay for your services?
All packages and 2-hour follow-on work blocks can be purchased via credit card using Stripe. I also accept local bank transfers.
What happens after I buy the Start-Up or Regulatory Readiness engagement?
You receive a welcome email with a Calendly link, I run CogniRisk on your company, and we meet for a working session. You get the executive risk & compliance report, tailored recommendations, and a plan for next steps.
Do you only work with Australian companies?
No. My experience spans ANZ, Barclays, Visa Europe, and global portfolios. I work with founders and risk leaders globally, provided we can align on time zones and regulatory context.
Is the report “regulator-ready”?
It is regulator-ready in the sense that it’s contextually sound, evidence-based, and aligned to the frameworks we prioritise together. Final submission or attestation always remains your responsibility, but my output is crafted for executives, auditors, and regulators.
What if I just want advice without a full engagement?
You can book fractional blocks (AUD $365 per 2-hour block) for standard work. You can also book retainers if you need ongoing support. However, the flagship Start-Up and Regulatory Readiness engagements remain the fastest way to get the full executive report.
What are the terms for the Executive Retainer?
The Executive Retainer is a 12-month commitment billed monthly at $1,650 AUD per month, guaranteeing 10 hours of work each month. You can cancel the retainer by providing 30 days written notice before your next monthly anniversary payment date. Additional 2-hour blocks beyond the included 10 hours are available at $350 per block for retainer customers. For bespoke engagements and complex problem sets, contact me to discuss custom pricing.
Can you help with other regulations and regulatory bodies?
Yes. I have deep practical understanding of how regulations are structured and governed, which enables me to quickly understand any regulation, identify relevant guidance, and translate requirements into obligations and risk and compliance frameworks. CogniRisk and LLMs accelerate my ability to familiarise myself with new regulatory requirements and deliver value rapidly.