About

Welcome to ISACA Melbourne Chapter!

As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.  Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

ISACA has more than 200 chapters established in over 180 countries worldwide providing members education, resource sharing, advocacy, professional networking and a host of other benefits on a local level. 

ISACA Melbourne Chapter was established in 1980 and has over 1,000 members.

Our Melbourne Chapter provides monthly professional development sessions, training on our frameworks and study/ review sessions for all our four core certification exams, and helps to further promote and elevate the visibility of the IS audit, control and security profession throughout the Melbourne area.

This chapter is run by volunteers who are ISACA members elected at the Chapter's Annual General Meeting (AGM).  The Chapter highly encourages its member to actively participate and volunteer to the chapter.

President


Wayne Tufek

As a Director of CyberRisk, Wayne works with a diverse number of clients from national household brands to small businesses, providing advice on how to secure their information and information systems and how to manage their risk effectively. Before CyberRisk, he formulated pragmatic business-driven strategies to establish, execute and improve cyber risk management in ASX listed companies and some of Australia’s largest organisations across the public sector, Big 4, financial services, consumer products, education, and retail sectors. Wayne brings practical hands-on experience leading security functions and successfully uplifting security maturity and capability, all the while managing budgets, resource constraints, and stakeholder expectations. He is frequently asked to present at security conferences and events in Australia and internationally, including the Australian Cyber Security Centre Conference, AusCERT, RSA APJ, ISC2 Security Congress, AISA, SACON, and CeBit.

Vice President


Suzanne Murray

 
Suzi is a security, governance and risk specialist with over 25 years’ experience. Suzi has worked in IT, Standards, Risk, Service Management and Security, with a focus on delivering business value, aligning governance to business strategy and managing risk. A strong advocate of Cyber Awareness, having delivered an award winning, global, enterprise security training program for Telstra, she has presented at All Day DevOps and is a founding member of the Melbourne DevSecOps Day Organising Committee. Suzi is on the board of Moreland Community Gardens and is the ISACA Melbourne Chapter Vice President.  

Post-nominals: Certified Information Systems Manager (CISM); Certified Risk & Information Systems Control (CRISC); Certified in the Governance of Enterprise IT (CGEIT); Certified Expert in IT Service Management (ITIL) V4 



Secretary


Steven Kintakas

Steven is a cyber security professional with over two decades of experience, a security architect by trade, having held various leadership and technical positions throughout his career. Pragmatic in his approach to cyber and information security, Steven is focused on building trust and adding value. His experience extends across a range of industries including finance, energy & utilities, mining, online betting, transport, government, health, education, and telecommunications.
 
As a Lead Security Architect at Astralas, Steven is a practitioner and leader focused on building trust. In providing business-driven and outcome-based value to manage risk effectively, Steven has contributed to the improvement of cyber risk management across many ASX-listed companies and some of Australia's largest organisations in fields such as security architecture & strategy, governance risk & compliance, managed services, incident response, research and development, and technical solutions and controls.
 
Previously a Director and sector leader within Deloitte Australia’s Cyber practice, he has also held various leadership and technical positions at Computer Associates, CGI, Fujitsu Australia, Dimension Data, and Zimbani.
 
Steven frequently presents at security conferences and events in Australia and internationally, including at the AISA national Australian Cyber Conference, and the COSAC Security Conference in Ireland and APAC.
 
A Deakin University alumnus, Steven’s post-nominals include CISM, CDPSE, CISSP, CCSP, and SABSA SCF.

Treasurer




Trisha Lee

Trisha combines good business acumen, leadership and influencing skills with extensive experience in leading large teams and advising large organisations, primarily in the financial services sector, on their business, data, information and technology related governance, operational and compliance risks and controls needs, as well as internal audit and regulatory compliance requirements. Possessing excellent management, communication and interpersonal skills, Trisha works comfortably with all levels of executive, management and staff.

 

Trisha has over 20 years of operational and compliance risk experience as she has worked in PricewaterhouseCoopers, Ernst & Young and the ANZ Bank.  She is currently the Head of Data Risk & Compliance within Enterprise Data Governance, Digital Banking at the ANZ Bank.







Immediate Past President

John O’Driscoll

John O’Driscoll is a pragmatic cyber security, operational risk management, and audit professional. He has over 35 years experience in IT governance, risk and compliance across a range of financial services and superannuation organisations (ANZ, CBA, NAB, AMP, Perpetual), insurance, public sector and utility companies 

 

John was appointed to a new role as Head of Risk Technology and Security, at Medibank in mid 2024. Prior to this John served as Victoria's first Chief Information Security Officer (CISO) for 6 years after his appointment in October 2017. He led the development and delivery of Victoria’s Cyber Security Strategy to assess, monitor and respond to cyber security risks, as well as engaging with the government departments, interstate counterparts, Commonwealth and private sector experts to deliver a resilient and cohesive cyber security capability 

 

John has a keen interest in growing and promoting cyber skills. John assists RMIT as a Cyber Security Industry Expert and helps deliver targeted domestic and international cyber skills programs. He has also lectured in IT Risk and Security related topics at tertiary institutions including Swinburne, RMIT, Melbourne University, Deakin, and UTS. 

John was a member and inaugural co-chair of the Australian National Cyber Security Committee, Melbourne JCSC (Joint Cyber Security Centre), RMIT Cyber Industry Advisory Board, and University of Melbourne Academic Centre for Cyber Security Excellence. John has been a board member for the ISACA Melbourne Chapter since 2014, and is a recipient of ISACA’s Tony Hayes Award which recognises outstanding leadership and commitment to the IT Governance profession within the Oceania Region.  John currently holds the ISACA CISA, CISM and CGEIT certifications, and is an inaugural Fellow of the Australian Information Security Association (FAISA). 




Research Director


Reshma Devi

Reshma Devi

Reshma is an experienced Data, Security and Technology Risk specialist.
She has a Masters in Information Technology and loves anything that involves Data. With over 20 years’ experience in Banking and Financial sector in Australia and New Zealand, Reshma is very passionate about Data Security and emerging data challenges.
Reshma is the Diversity Director for ISACA Melbourne. She is also the Ambassador for ISACA’s SheLeadsTech and previous Coordinator for SheLeadsTech Melbourne. Reshma is the Women in Leadership Program Lead at Australian Women in Security Network (AWSN) and the AWSN Chapter Lead for Melbourne.
Reshma was the finalist in Women in Security Awards in 2020 for People’s Choice Award in IT Security, and was also nominated for Best Student Security Leader, AWSN Award for 2020, Australia’s most outstanding Women in Protective Security/Resilience and The One to Watch. In 2021, she has been nominated for the Best Volunteer for Women in Security Awards.
Reshma supports women transitioning between careers and is passionate about helping students with mentoring and guiding careers in Technology and STEM. Her passion has led her into assisting women in leadership roles and working on many women led initiatives.

Membership and Professional Development Director


Omar Alarcon


Omar is an audit, governance, risk and compliance specialist with over 20 years of experience across different industries, including telecommunications, education, transport, energy and oil, finance and insurance, as well as public service. 
Currently serving as a Senior Auditor in Australian Unity, Omar has previously served in technical and leadership roles in Telstra, Public Transport Victoria, PwC, and the National Disability Insurance Agency (NDIA). 
In those roles, Omar has always promoted the added value that GRC initiatives can provide to business areas and is passionate about building relationships with internal and external stakeholders. As a complement to the technical areas, Omar is preparing an initiative on LinkedIn called “#BeKind” aiming to raise awareness about kindness in the workplace. 
Omar is also passionate about running, having completed a number of Half Marathons in Melbourne during the last few years. His post-nominals include CRISC, CISM, CISA, CDPSE, ITIL and ISO 27001. 




Marketing & Communications Director


Natalie Perez

Natalie Hingco Perez is a seasoned technology risk and assurance professional with over two decades of experience in consulting and financial services. Her journey with ISACA began as a SheLeadsTech ambassador, where she passionately championed gender diversity in technology. She has since held significant roles, including Professional Development Director and, currently, Marketing Director. Natalie played a pivotal role in the establishment of the SheLeadsTech Melbourne initiative, contributing to the chapter's 2022 Most Innovative Chapter Programs award from ISACA. She has also been recognised as one of ISACA's 2025 Outstanding Chapter Leaders. Further cementing her dedication, she received the 2024 Australian Women in Security Awards Best Volunteer with High Distinction. Natalie values collaboration, which has strengthened support from other professional organisations such as AWSN, AISA, ACS, and IIA. A regular contributor to ISACA global events, including speaking at the 2022 Global Leadership Summit, Natalie is passionate about mentoring women in technologyOutside of her volunteering and professional life, Natalie is a devoted mum of four children and enjoys staying active through dance, strength training, yin yoga, and reformer Pilates.  

Certifications Director

Bharat Bajaj

With over two decades of experience in the banking and finance sectors, Bharat is a seasoned Technology Risk professional renowned for his strategic and pragmatic approach to addressing technology and business challenges. 

Bharat's extensive expertise spans the critical domains of Artificial Intelligence, Cybersecurity, and Privacy Risk Management. His career has been distinguished by his ability to navigate and mitigate risks in these dynamic fields, delivering robust solutions that align with business goals. 

Holding a Bachelor in Information Technology and a suite of industry certifications including ISACA's CRISC, CISM, and CDPSE, Bharat is committed to continuous learning and professional development. As an ISACA Accredited Trainer, he takes pride in facilitating study groups and mentoring the next generation of risk professionals. 

Bharat has made significant contributions to three of Australia's largest financial institutions, bringing his wealth of knowledge and experience to bear on complex risk management issues. Currently, he supports the CBA AI and MLOps business units, driving Technology Risk Management and AI Technology implementation to enhance operational resilience and innovation.