Principal, Digital Risks - Advisory

Role purpose

Drawing on our global reach and local risk expertise across 42 offices worldwide, our Digital Risks team helps our clients understand the evolving threat landscape, protect their most critical assets effectively respond to crises and maximise the benefits of technology adoption.

The Principal will lead business development and consulting engagements. This role strengthens our ability to guide senior stakeholders through strategic digital risk challenges, deliver high impact consulting outcomes, and contribute to the development of high-performing teams and the broader Digital Risks practice.

The Principal will serve as a trusted advisor to senior executives, manage a portfolio of complex projects, originate new business, and collaborate across service lines to bring holistic solutions.

Role tasks and responsibilities

Strategic Advisory & Client Leadership
 Serve as a trusted advisor to senior executives and boards, providing strategic guidance on digital risk, resilience, regulatory expectations and evolving technology‑driven threats.
 Translate complex technical and risk insights into clear, commercially relevant recommendations for non‑technical audiences.
 Lead the development and delivery of executive briefings, strategic assessments, and transformation roadmaps that support clients’ long‑term risk and security objectives.

Digital Risk, Cybersecurity & Technology Advisory Delivery
 Lead and oversee complex consulting engagements across digital risk, cybersecurity, technology governance, and organisational resilience.
 Guide the design and execution of maturity assessments, control reviews and risk analyses using leading industry frameworks and regulatory models.
 Ensure actionable, pragmatic and business‑aligned recommendations that enhance clients’ risk management and resilience.
 Provide quality assurance and directional oversight to ensure deliverables meet the highest standards of clarity, insight and practical value.

Regulatory, Governance & Compliance Advisory
 Advise clients on regional and global regulatory obligations relating to cybersecurity, data governance, technology operations, and third‑party risk.
 Engage relevant external specialists and integrate their outputs to ensure seamless, end‑to‑end advisory solutions.

Risk, Crisis & Incident Advisory Support
 Provide senior guidance during digital incidents, investigations, or technology‑related crises.
 Apply principles of crisis management, stakeholder communication and risk assessment to help clients respond to disruptive events.
 Support scenario planning, simulation exercises and resilience-building initiatives.

Leadership of Consulting Engagements
 Oversee multiple concurrent projects, ensuring consistent quality, methodological rigour and strong client satisfaction.
 Lead project teams through scoping, delivery and reporting, ensuring clarity of purpose and alignment with client expectations.
 Promote cross‑service collaboration to deliver integrated, multi‑disciplinary solutions.

Client & Market Development
 Grow and sustain senior client relationships across the region, acting as an ambassador for Control Risks.
 Identify new opportunities, shape proposals and contribute to the growth of key accounts.
 Represent the practice at industry events, conferences and through thought leadership activities.

Practice & People Leadership
 Coach, mentor and develop consultants at all levels, fostering a high‑performing, inclusive and collaborative culture.
 Contribute to the development and improvement of methodologies, frameworks, knowledge assets and service innovation within Digital Risks.
 Role model firm values, champion cross‑regional collaboration and support the Partner in the ongoing development of the practice.

Required Qualifications:
 Bachelor’s degree in cybersecurity, information technology, risk management or a related field (or equivalent experience).
 10–15+ years of experience in digital risk, cybersecurity, technology risk, or integrated risk advisory roles.
 Significant experience advising C suite and Board level stakeholders, translating complex technical risk into strategic and commercial implications.
 Proven ability to lead complex, multi disciplinary consulting engagements and manage diverse senior stakeholders across regions.
 Demonstrated success in originating business, growing key accounts, and shaping proposal strategies.
 Strong understanding of cybersecurity, technology governance, digital resilience, and core security domains.
 Experience navigating regional regulatory environments (e.g., MAS, HKMA, sectoral regulators, privacy frameworks).
 Demonstrated ability to analyse complex security data and deliver clear, actionable recommendations informed by industry best practices.
 Experience providing senior guidance during major incidents or technology-related crises.
 Proven experience leading, developing, and mentoring teams to deliver high quality outcomes.

Desired Skills:
 Professional certifications such as CISSP, CISM, CRISC, CISA, or cloud security or privacy related certifications (preferred but not essential).
 Experience working across multiple jurisdictions and cultures, ideally within APAC or other complex regulatory markets.
 Strong communication and executive level presentation skills, including the ability to articulate strategic point of view to non technical audiences.
 Experience with emerging digital risk areas such as AI governance, cloud native architectures, OT/ICS security, digital supply chain resilience, and / or third party technology risk.
 Demonstrated contribution to thought leadership, industry engagement, or external speaking.
 Strong project and programme management capability, with experience overseeing multi stream, large scale transformation or risk uplift programmes.
 High digital fluency, including comfort with collaboration tools, CRM systems, data driven insights, and new ways of working.
 Ability to travel when required for client leadership, business development, and key delivery milestones.