Meet The Leadership Team

Our Story

Our team is made up of bright and like-minded individuals, who have come together to explore endless possibilities. We come from a variety of different fields and technical backgrounds, yet our passion for Risk Cypher ties us all together. Check out some of the people who make Risk Cypher the amazing company it truly is.

Our Mission and Vision

Mission: At Risk Cypher, we believe that business intelligence must be paired with emotional intelligence to truly understand and manage risk. We help businesses make data-driven risk management decisions considering the human factor to minimize risk and maximize success.

Vision: The Risk Cypher vision is to set the standard in the professional services industry by providing best-in-class risk and security services that advance your company’s strategic advantage.

Why Choose Us?

We Follow: Technology Risk Management Best Process Practices


Risk Governance
  1. A dedicated committee or council exists to consider IT risk.

  2. The council meets at regular intervals.

  3. Risk events are owned and monitored by Business stakeholders.

  4. Business stakeholders participate in council meetings and are always consulted on changes to risk posture.

  5. Management & the Board sign off on all action plans for non-negligible IT risk.

  6. The CRO holds accountability for executing the risk management program.

  7. Accountability for IT risk decisions is held by the CEO.

Risk Identification
  1. The 2nd Line of Defense possesses an updated risk register to reflect IT’s overall risk portfolio.

  2. Risk identification exercises are conducted bi-annually by the 1st Line of Defense.

  3. The IT risk register is developed and updated collaboratively with key business stakeholders.

  4. Risk events are brainstormed using high-level IT risk categories and refined using COBIT 5 IT processes.

Risk Assessment
  1. Formal risk assessment exercises are conducted on a periodic basis.

  2. The senior leadership team defines unacceptable risk thresholds.

  3. All identified risk events are assigned a severity level based on probability and impact assessments.

  4. Top risks are reassessed for expected financial impact.

  5. Key business stakeholders participate in risk assessment exercises.

  6. Alternative risk assessment methodologies are employed to create accurate expected cost values.

Risk Response
  1. Response options are brainstormed for all risks exceeding thresholds for acceptable risk.

  2. Each risk event is reassessed for residual risk.

  3. Residual expected cost values are determined for top risks.

  4. Costs and benefits for each response are analyzed over multiple years.

  5. Responses are selected based on cost-benefit analysis and IT’s capabilities to implement the projects.

  6. All risk response recommendations are presented formally to an appropriate Management  Committee for approval.

Risk Monitoring & Reporting
  1. Risk owners are assigned to each risk event.

  2. Key risk indicators (KRIs) and thresholds are developed to track changes in risk severity.

  3. Protocols have been established to escalate risks when thresholds have been breached.

  4. Risks are reported according to an enforced reporting schedule (including the Board).

  5. KRIs, thresholds, and reporting schedules have been approved by senior leadership.


Core Values

Our Core Values represent our corporate culture.

We put our clients first by ensuring they see a return on their investment; we achieve this by leveraging industry best practices, consistently holding ourselves to the highest standards, and continually looking for new techniques to advance our professional services.



Best Practices

Continuous Progress