Derisk Advisory

Harnessing over two decades of diverse industry experience, notably in financial services, our boutique advisory firm specializes in ICT and cybersecurity. We excel in guiding clients through assessing internal controls, managing security and technology risks, and navigating regulatory requirements (e.g., DORA) with practicality and expertise.

Learn more   Request a quote  

Industries

Industries

Spanning across diverse industries, our services are designed to address each sector's unique technology and cybersecurity challenges, ensuring robust protection and compliance in an ever-evolving digital landscape.

Financial Services

  • Banks
    • Private banking
    • Asset servicing
    • Commercial banking
  • Investment firms
  • Professionals of the Financial Sector (Luxembourg PSFs)
    • Specialized PSFs
    • Support PSFs
  • Payment and Electronic Money Institutions
  • Investment Fund Managers
    • Management companies
    • Alternative Investment Fund Managers (AIFMs)
  • Insurance companies

Technology, Media and Telecommunications

  • Technology
    • Cloud service providers
    • Managed service providers
    • Software publishers
  • Media
    • Broadcasters
    • Publishers
  • Telecommunications
    • Telecommunication operators
    • Satellite operators

Other industries

  • Health
  • Supranationals

Services

Services

Explore our comprehensive range of consulting services tailored to meet your technology and cybersecurity advisory needs tailored to your industry and across the three lines of defense:

Internal Governance

  • Ad-hoc support concerning technology and cybersecurity internal governance:
    • Application of the Three Lines of Defense (3LoD) model
    • External advice to Directors / Board members
    • Training on technology and cybersecurity
    • Training on ICT and security regulations (DORA, ECB, CSSF, NIS2, etc.)
    • Reporting to the internal governance bodies

ICT and Cybersecurity

  • Ad-hoc support concerning ICT and cybersecurity management such as:
    • Policies and procedures
    • Gap assessments vs. standards (e.g., CIS controls, SWIFT CSP, ISO 27001, etc.)
    • Gap assessments vs. regulations (e.g., DORA, CSSF circulars, NIS2, etc.)
    • Incident management (e.g., Circular CSSF 24/847)
    • Selection of cybersecurity tools (e.g., RFI, RFP, etc.)
    • Remediation roadmaps
  • Interim Management with respect to ICT and cybersecurity management

ICT and Cloud outsourcing

  • Ad-hoc support concerning ICT and Cloud outsourcing (e.g., Circular CSSF 22/806) such as:
    • Policies, procedures, and templates
    • Criticality or importance assessments
    • Outsourcing risk assessments
    • Service providers due diligence
    • Managing of ICT third-party risk under DORA
    • Outsourcing notifications to the regulators
    • Registers of information
    • Exit plans
    • Training to Cloud Officers
  • Interim Management with respect to technology and cloud outsourcing

ICT and Security Risk Management

  • Ad-hoc support concerning operational risk management of technology and cybersecurity risks:
    • ICT and Security Risk Management Framework
    • Risk Appetite statements
    • Policies, procedures, and templates
    • Risk taxonomies
    • Risk Control Self-Assessments
    • Key controls testing
    • Digital operational resilience testing program under DORA
    • Key Risk Indicators (KRIs)
    • Reporting to the internal governance bodies
    • Preparation of PSP ICT Assessment form under Circular CSSF 20/750 as amended
  • Interim Management with respect to ICT and security risk management

Internal Audit

  • Ad-hoc support to the Internal Audit function where technology and cybersecurity expertise is required:
    • Pluriannual internal audit plans
    • Internal audit risk assessments
    • Internal audit work programs
    • Internal audit missions
    • Reporting to the internal governance bodies
  • Interim Management with respect to ICT and Security internal audit

Training

  • Tailored professional training services on:
    • Technology and cybersecurity
    • ICT and security regulations (DORA, ECB, CSSF, NIS2, etc.)
    • Cloud Officer role in the financial sector