Hirun Tantirigama

Managing Director

Hirun is a managing director with 15 years’ experience in providing risk and regulatory advisory services across a variety of clients and industries. He has led complex, transformational programs across areas such as operational risk, regulatory remediation, and operational and cyber resilience.

Hirun’s technical and project management skills are further complemented by his deep understanding of good practice frameworks such as PRINCE2, COBIT, ITIL and NIST. Hirun is part of Protiviti’s global Operational Resilience team and is also the regional lead subject matter expert for the Asia-Pacific region. He also has experience servicing clients across New Zealand, Australia and the UK.

As a managing director, Hirun manages a portfolio of complex and risk-based engagements in highly demanding environments, while developing and sustaining trusted-advisor and peer relationships with clients at senior and C-suite levels. As part of his role, he is also involved in resource planning and headcount management, strategy setting, project commercials, staff training and performance management.

Major Projects

  • Resilience Risk Target Operating Model (TOM): Led the overall program management office (PMO) for resilience risk transformation with Subject Matter Experts embedded across multiple delivery workstreams. Throughout this time-critical program, Hirun partnered with the client to drive momentum and bring insights and informed challenge to deliverables (e.g. service catalogues, risk taxonomy and control library, governance and engagement models and communication and awareness material) in order to meet regulatory expectations.
  • Enterprise Resilience Project: Hirun led a major regulatory project to develop a business and technology resilience plan at a major clearing house in response to a request from the regulator during a period of extensive change at the client. Despite having very little prior experience in clearing operations and technology, Hirun received very positive client feedback and was central to the project delivering to a high standard and within agreed timescales.
  • Top-down Technology Risk Assessment: Hirun led a technology risk assessment at a global asset management client based on Protiviti’s Tech Risk 2.0 methodology to help the business return top technology and cyber risks within tolerance. The scope of this review included identifying inherent business and technology risk scenarios and then assessing residual risk levels based on how existing controls contribute towards the mitigation of identified key risk scenarios.
  • Cyber Resilience: In response to a Bank of England request, Hirun assisted a significant market infrastructure client to document their compliance with CPSS-IOSCO’s ‘Cyber Resilience Guidance’ within a short timeframe, while identifying potential gaps and weaknesses to further improve the client’s overall cybersecurity posture.

Areas of Expertise

  • Operational & Cyber Resilience
  • Technology Risk and Governance
  • Program Management Office
  • Regulatory Remediation Programs
  • Enterprise Risk Management, including Operational Risk

Industry Expertise

  • Financial Services, including:
    • Corporate/Retail/Investment Banking
    • General, Life & Health Insurance
    • Superannuation
    • Financial Market Infrastructure (FMI)


  • BE Information & Telecommunications Engineering – Massey University, New Zealand

Professional Memberships and Certifications

  • PRINCE2 (Foundation)
  • Cybersecurity Fundamentals
  • ITIL (Foundation)
  • Certified Information Systems Auditor (CISA)
  • Member of ISACA and IAPP