Welcome to ISACA Melbourne Chapter!

As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.  Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

ISACA has more than 200 chapters established in over 180 countries worldwide providing members education, resource sharing, advocacy, professional networking and a host of other benefits on a local level. 

ISACA Melbourne Chapter was established in 1980 and has over 1,000 members.

Our Melbourne Chapter provides monthly professional development sessions, training on our frameworks and study/ review sessions for all our four core certification exams, and helps to further promote and elevate the visibility of the IS audit, control and security profession throughout the Melbourne area.

This chapter is run by volunteers who are ISACA members elected at the Chapter's Annual General Meeting (AGM).  The Chapter highly encourages its member to actively participate and volunteer to the chapter.


Wayne Tufek

As a Director of CyberRisk, Wayne works with a diverse number of clients from national household brands to small businesses, providing advice on how to secure their information and information systems and how to manage their risk effectively. Before CyberRisk, he formulated pragmatic business-driven strategies to establish, execute and improve cyber risk management in ASX listed companies and some of Australia’s largest organisations across the public sector, Big 4, financial services, consumer products, education, and retail sectors. Wayne brings practical hands-on experience leading security functions and successfully uplifting security maturity and capability, all the while managing budgets, resource constraints, and stakeholder expectations. He is frequently asked to present at security conferences and events in Australia and internationally, including the Australian Cyber Security Centre Conference, AusCERT, RSA APJ, ISC2 Security Congress, AISA, SACON, and CeBit.

Vice President

Suzanne Murray

Suzi is a security, governance and risk specialist with over 25 years’ experience. Suzi has worked in IT, Standards, Risk, Service Management and Security, with a focus on delivering business value, aligning governance to business strategy and managing risk. A strong advocate of Cyber Awareness, having delivered an award winning, global, enterprise security training program for Telstra, she has presented at All Day DevOps and is a founding member of the Melbourne DevSecOps Day Organising Committee. Suzi is on the board of Moreland Community Gardens and is the ISACA Melbourne Chapter Vice President.  

Post-nominals: Certified Information Systems Manager (CISM); Certified Risk & Information Systems Control (CRISC); Certified in the Governance of Enterprise IT (CGEIT); Certified Expert in IT Service Management (ITIL) V4 


Steven Kintakas

Steven is a cyber security professional with a career spanning two decades, and experience across various industries including finance, energy & utilities, resources, transport, manufacturing, health, education, and technology-media & telecommunications. 
A Director at Deloitte within the Risk Advisory division’s Cyber & Strategic Risk practice, and a Senior Security Architect practitioner, Steven has also held technical, generalist, and leadership roles at Computer Associates, CGI, Fujitsu, Dimension Data, and Zimbani. 
Pragmatic in his approach to cyber and information security, Steven is a confident and thorough cyber leader in building trust and managing relationships. In his dedication for providing outcome-based value to manage risk effectively, Steven has previously held positions in the vendor, integrator, consulting, and service provider space including security architecture & strategy, managed services, incident response, and technical solutions & controls. 
A Deakin University alumnus, Steven’s post-nominals include CISM, CDPSE, CISSP, CCSP, and SABSA SCF. 


Trisha Lee

Trisha combines good business acumen, leadership and influencing skills with extensive experience in leading large teams and advising large organisations, primarily in the financial services sector, on their business, data, information and technology related governance, operational and compliance risks and controls needs, as well as internal audit and regulatory compliance requirements. Possessing excellent management, communication and interpersonal skills, Trisha works comfortably with all levels of executive, management and staff.


Trisha has over 20 years of operational and compliance risk experience as she has worked in PricewaterhouseCoopers, Ernst & Young and the ANZ Bank.  She is currently the Head of Data Risk & Compliance within Enterprise Data Governance, Digital Banking at the ANZ Bank.

Immediate Past President

John O’Driscoll

John O’Driscoll is Victoria's first Whole of Government Chief Information Security Officer. He was appointed to the role in October 2017, where he created and leads the Cyber Safety Unit within DPC. His team’s mission is to create a “Cyber Safe Victoria”, and deliver Victoria’s Cyber Security Strategy to assess, monitor and respond to cyber security risks, as well as engaging with the government departments, interstate counterparts, Commonwealth and private sector experts to deliver a resilient and cohesive cyber security environment.

John has over 30 years’ experience in information technology, with a focus on cyber security in financial services and the public sector. He was previously the Senior Manager, Information and Technology Risk at ANZ. He has a keen interest in growing and promoting cyber skills and has lectured in IT Risk and Security related topics at tertiary institutions including Swinburne, RMIT, Deakin and UTS universities.
John is a Board member for the ISACA Melbourne Chapter, Melbourne JCSC (Joint Cyber Security Centre), and University of Melbourne Academic Centre for Cyber Security Excellence. John is also a recently appointed Fellow of the Australian Information Security Association (AISA).

Research Director

Abbas Kudrati

Abbas Kudrati is a highly regarded cybersecurity expert and accomplished public speaker, currently serving as Microsoft Asia's Lead Chief Cybersecurity Advisor for the Security Solutions Area. In this role, he advises on cutting-edge cybersecurity strategies and technologies to ensure Microsoft's clients remain safe in an increasingly digital world. 

Beyond his work at Microsoft, Abbas is a sought-after executive advisor to numerous prestigious organizations, including La Trobe University, HITRUST Asia, and EC-Council Asia. He also supports the broader security community through his work with ISACA Chapters and by mentoring students. 

As a bestselling author, Abbas has written several authoritative books on cybersecurity, including "Threat Hunting in the Cloud" by Wiley, "Zero Trust and Journey Across the Digital Estate" by CRC Press, and "Managing Risks in Digital Transformation" by Packt. " by Packt 

Abbas is also a highly respected part-time Professor of Practice at La Trobe University and a keynote speaker on a range of cyber security related topics, including zero-trust, cloud security, and governance, risk, & compliance. His extensive expertise in the field of cyber security and engaging speaking style makes him a popular choice for events, conferences, and corporate training sessions. His post-nominals include CISM, and CISA.   

Membership Director

Omar Alarcon

Omar is an audit, governance, risk and compliance specialist with over 20 years of experience across different industries, including telecommunications, education, transport, energy and oil, finance and insurance, as well as public service. 
Currently serving as a Senior Auditor in Australian Unity, Omar has previously served in technical and leadership roles in Telstra, Public Transport Victoria, PwC, and the National Disability Insurance Agency (NDIA). 
In those roles, Omar has always promoted the added value that GRC initiatives can provide to business areas and is passionate about building relationships with internal and external stakeholders. As a complement to the technical areas, Omar is preparing an initiative on LinkedIn called “#BeKind” aiming to raise awareness about kindness in the workplace. 
Omar is also passionate about running, having completed a number of Half Marathons in Melbourne during the last few years. His post-nominals include CRISC, CISM, CISA, CDPSE, ITIL and ISO 27001. 

Professional Development Director

Natalie Hingco Perez

Natalie is a technology risk and assurance professional and has over 20 years of experience working in consulting and financial services organisations. She describes her work experience as an evolution and transformation, with various roles in finance, audit, academic and technology. Natalie is currently working as Manager in Group Internal Audit at IAG, with technology risk as her main portfolio. 

Prior to being a Board Member and the Professional Development Director, Natalie was the SheLeadsTech Melbourne Coordinator.  Under her leadership, SheLeadsTech Melbourne was awarded by ISACA as one of the 2022 Most Innovative Chapter Programs.  She was a speaker the in the 2022 ISACA Global Leadership Summit and was featured on We Are ISACA Episode 2. Natalie was also the Engage Topic Leader to the Audit and Assurance community in July to December 2022.  

 Natalie maintains certifications and memberships with ISACA, IIA, AISA and AWSN. 

Certifications Director

Bharat Bajaj

Bharat is an enthusiastic risk professional with 15 years of Governance Risk and Compliance experience. Bharat has Bachelor in Information Technology and multiple industry certification including ISACA CRISC, CISM and CDPSE certification. Bharat is passionate about protecting privacy and take special interest discussing technical and business controls to mitigate data risks.
Bharat is Certification Director for ISACA Melbourne and a strong advocate for the ISACA certifications. Bharat is an accredited trainer and enjoy educating risks, controls, information security and privacy related subjects.
Working in financial industry for 15 years, Bharat has design and implement controls using Cobit, PCI DSS, CPS234, GDPR, APP, NIST and ISO27001 standards and frameworks.

Diversity Director

Reshma Devi

Reshma is an experienced Data, Security and Technology Risk specialist.
She has a Masters in Information Technology and loves anything that involves Data. With over 20 years’ experience in Banking and Financial sector in Australia and New Zealand, Reshma is very passionate about Data Security and emerging data challenges.
Reshma is the Diversity Director for ISACA Melbourne. She is also the Ambassador for ISACA’s SheLeadsTech and previous Coordinator for SheLeadsTech Melbourne. Reshma is the Women in Leadership Program Lead at Australian Women in Security Network (AWSN) and the AWSN Chapter Lead for Melbourne.
Reshma was the finalist in Women in Security Awards in 2020 for People’s Choice Award in IT Security, and was also nominated for Best Student Security Leader, AWSN Award for 2020, Australia’s most outstanding Women in Protective Security/Resilience and The One to Watch. In 2021, she has been nominated for the Best Volunteer for Women in Security Awards.
Reshma supports women transitioning between careers and is passionate about helping students with mentoring and guiding careers in Technology and STEM. Her passion has led her into assisting women in leadership roles and working on many women led initiatives.

Marketing & Communications Director

Zahir Ali Quettawala

Based in Melbourne, Australia, Zahir, is an experienced ICT professional specializing in cybersecurity, technology, and risk advisory services. He has more than 23 years’ experience delivering a wide range of business and IT projects, ranging from strategy development through to system implementations across Australia and Asia.
Zahir often works with the C-suite and senior management where he helps them understand the cyber threats and risks that impact their business and the strategic activities required to manage these risks. He also works with technical teams to help them understand the security vulnerabilities and technical security gaps in their organisations’ systems and processes, and the remediation activities required to address them. 
He is currently working with PWC as Manager, Trust and Risk. In addition, he serves as Honorary Industry Professor with Deakin University and as an accredited trainer with ISACA Australia and US Chapters and has delivered various information` security trainings and cybersecurity boot camps across many organisations, insititutes and universities. Zahir holds industry certifications including the: CISA, CISM, CRISC, CDPSE.