Darren is a Director and National Head of Security and Privacy Risk Services.
Darren has over 17 years of experience in IT internal audit, technology risk consulting, security advisory and data analytics. A qualified Internal Auditor, IT Internal Auditor, Certified Information Systems Auditor (CISA) and previous Payment Card Industry Data Security Standard Qualified Security Assessor (PCI DSS QSA), Darren combines deep cyber risk knowledge with high-impact communications to c-suite and board levels.
Darren has delivered security and privacy assessments across multiple countries for large multinational corporations, and locally for Australian-based organisations in both the public and private sectors across all industries. He has worked on an extensive range of technology risk management projects, including technical security assessments, governance and strategy, cybersecurity, information security, data privacy, digital strategy, data governance, technology risk assessments, application/ERP control effectiveness, cloud security assessments, cloud risk strategy, IT project risk, change management, third-party risk, continuity, IT service delivery and compliance.
Prior to joining RSM, Darren worked for a global internal audit and risk consulting firm for over 12 years in London and Melbourne, where he led the Melbourne office’s IT Internal Audit, Technology Risk and Data Analytics solutions.
Darren Booth is a Partner of RSM Australia Partners and a Director of RSM Australia Pty Ltd.
RSM Australia recently completed the first Consumer Data Right (CDR) information security accreditation for a FinTech (non-ADI Open Banking) and Darren was the lead assurance practitioner for the independent assurance report (ASAE 3150). This involved assessing the design and implementation of controls for Part 1 and Part 2 of Schedule 2 in the CDR Rules.
- Led the GDPR and Australian Privacy Principles implementation project for an Australian headquartered international cosmetics retailer. The engagement was subsequently expanded to include a new POS risk assessment and a PCI DSS advisory project.
- Performed a cybersecurity assessment of a diverse conglomerate, benchmarking against a matrix framework based on ISO27000 series and the NIST Cyber Security Framework. The assessment also included the effectiveness of specific controls outlined in the ACSC Essential Eight, ACSC Top 35 and CIS Critical Security Controls Top 20.
- Assessed the implementation of a Microsoft Azure and AWS multi-cloud environment, using the Cloud Security Alliance (CSA) guidance, CIS Benchmarks, and AWS Security Best Practices and Well Architected Framework.
- Led multiple cybersecurity engagements for an online private health insurer, including vulnerability assessments and penetration tests (VAPT). These included the implementation of an information security management system to facilitate alignment with ISO27000 and compliance with APRA CPS 234, taking into account unique risks related to their e-commerce environment and organisation size.
- Evaluated compliance against the Victorian Protective Data Security Standard (VPDSS) and the Australian Government Information Security Manual (ISM). Developed a roadmap to compliance based on gaps identified and remediation of quick wins.
- Professional Member of the Institute of Internal Auditors (IIA)
- Member of the Information Systems Audit and Control Association (ISACA)
- Certified Information Systems Auditor (CISA)
- Certified Internal Auditor (CIA)
- Internal Audit Quality Assessment Reviewer
- Master of Engineering and Management (University of Manchester)