Hanneke Catts


Hanneke is a director in Sydney with over 15 years’ experience focusing on technology consulting, including privacy, technology risk, project management and assurance, IT controls and security compliance, enterprise risk management, and internal audit and regulatory compliance. She has worked with many organisations in Sydney and London with large and complex IT environments in financial services, technology, government, health and manufacturing and smaller organisations with specific IT needs.

Major projects and accomplishments

  • Privacy project management: Hanneke was engaged by a large financial services organisation as a workstream lead for a major regulatory compliance privacy program. She was responsible for delivering all activities defined within the workstream plan in relation to meeting Australian and EU (GDPR) privacy compliance obligations for personal data and reporting progress and status to the executive action team.
  • Privacy assessment: Hanneke has led various privacy management reviews across privacy programs and functions. She was responsible for reviewing the policy for privacy management and advising on compliance with the Australian Privacy Act, including data management processes. As part of the reviews, she also assessed the process for handling privacy data breaches per legislative requirements.
  • Automated controls operating model: Hanneke led the team that delivered the automated controls operating model for a large financial services organisation. The operating model consisted of developing a toolkit for the identification and analysis of automated controls as well as supporting guidance and instructions. In addition, the engagement also provided two proof of concepts that utilised the operating model to identify and assess the design and operational effectiveness of automated controls.
  • IT risk assessment: Hanneke has led multiple risk management projects for various financial services organisations. Her role consisted of planning the review of key risk areas, risk identification through interviews with key executive managers, developing a risk register, facilitating a risk assessment workshop, and presenting the outcomes. She has also worked in a large financial services organisation, providing operational risk advice and consultation, including conducting major technology risk assessments and supplier risk management.
  • IT controls assurance: Hanneke was engaged to provide controls assurance at a financial services organisation in London.  Hanneke was responsible for leading the assurance work for the Privileged IT Access Management program, adopting a methodology of assessing IT controls split into design and operating effectiveness and assessing underlying technical controls implemented concurrently with the testing.

Areas of expertise

  • Technology risk
  • Privacy
  • Project management and assurance
  • IT controls
  • IT security

Industry experience

  • Financial Services
  • Technology
  • Government

Professional memberships and certifications

  • Certified Risk and Information Systems Control (CRISC)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • Member, ISACA


  • Bachelor of Arts in Informatics (Information Systems), Sydney University