Harnessing over two decades of diverse industry experience, notably in financial services, our boutique advisory firm specializes in ICT and cybersecurity. We excel in guiding clients through assessing internal controls, managing security and technology risks, and navigating regulatory requirements (e.g., DORA) with practicality and expertise.

Request a quote

Industries

Spanning across diverse industries, our services are designed to address each sector's unique technology and cybersecurity challenges, ensuring robust protection and compliance in an ever-evolving digital landscape.

Financial Services

Banks

Private banking
Asset servicing
Commercial banking

Investment firms
Professionals of the Financial Sector (Luxembourg PSFs)

Specialized PSFs
Support PSFs

Payment and Electronic Money Institutions
Investment Fund Managers

Management companies
Alternative Investment Fund Managers (AIFMs)

Insurance companies

Technology, Media and Telecommunications

Technology

Cloud service providers
Managed service providers
Software publishers

Media

Broadcasters
Publishers

Telecommunications

Telecommunication operators
Satellite operators

Other industries

Health
Supranationals

Services

Explore our comprehensive range of consulting services tailored to meet your technology and cybersecurity advisory needs tailored to your industry and across the three lines of defense:

Internal Governance: Ad-hoc support concerning technology and cybersecurity internal governance:

Application of the Three Lines of Defense (3LoD) model

External advice to Directors / Board members

Training on technology and cybersecurity

Training on ICT and security regulations (DORA, ECB, CSSF, NIS2, etc.)

Reporting to the internal governance bodies
ICT and Cybersecurity: Ad-hoc support concerning ICT and cybersecurity management such as:

Policies and procedures

Gap assessments vs. standards (e.g., CIS controls, SWIFT CSP, ISO 27001, etc.)

Gap assessments vs. regulations (e.g., DORA, CSSF circulars, NIS2, etc.)

Incident management (e.g., Circular CSSF 24/847)

Selection of cybersecurity tools (e.g., RFI, RFP, etc.)

Remediation roadmaps

Interim Management with respect to ICT and cybersecurity management
ICT and Cloud outsourcing: Ad-hoc support concerning ICT and Cloud outsourcing (e.g., Circular CSSF 22/806) such as:

Policies, procedures, and templates

Criticality or importance assessments

Outsourcing risk assessments

Service providers due diligence

Managing of ICT third-party risk under DORA

Outsourcing notifications to the regulators

Registers of information

Exit plans

Training to Cloud Officers

Interim Management with respect to technology and cloud outsourcing
ICT and Security Risk Management: Ad-hoc support concerning operational risk management of technology and cybersecurity risks:

ICT and Security Risk Management Framework

Risk Appetite statements

Policies, procedures, and templates

Risk taxonomies

Risk Control Self-Assessments

Key controls testing

Digital operational resilience testing program under DORA

Key Risk Indicators (KRIs)

Reporting to the internal governance bodies

Preparation of PSP ICT Assessment form under Circular CSSF 20/750 as amended

Interim Management with respect to ICT and security risk management
Internal Audit: Ad-hoc support to the Internal Audit function where technology and cybersecurity expertise is required:

Pluriannual internal audit plans

Internal audit risk assessments

Internal audit work programs

Internal audit missions

Reporting to the internal governance bodies

Interim Management with respect to ICT and Security internal audit
Training: Tailored professional training services on:

Technology and cybersecurity

ICT and security regulations (DORA, ECB, CSSF, NIS2, etc.)

Cloud Officer role in the financial sector