Garry Barnes

Garry-Barnes-B&WOver twenty years’ experience in IT governance, information and IT Security, IT audit, and risk management, having worked as a managing consultant, and in a number of NSW public sector agencies and banking. Strong governance, strategy information security expertise, sound business and risk management experience, and extensive experience in engagement with business and IT leaders.

Significant practical experience in governance and security frameworks, standards and regulations including COBIT5, ISO 27001, ISO 31000 and privacy.

Strong communication and negotiation skills. Experienced strategic thinker and extensive program and project management expertise. Experienced presenter to executive teams and staff on governance, risk and security.

High level leadership skills within business sector and the information assurance. During his tenure in the New South Wales State Government, founded and served as chairman and committee member on a Government forum for Information Security Management, which operated as a precursor to the current Community of Interest.

Active member of ISACA since 1995. Some recent involvements include:

  • International Vice President and Treasurer
  • Strategic Advisory Council
  • Credentialing and Career Management Board
  • CISM Certification Committee (Chair)
  • Oceania CACS Committees
  • Sydney Chapter Director including Chapter President 2008-10
  • Participant in development of multiple ISACA publications including COBIT 5 for Information Security


  • Developed governance, risk management and information security frameworks for various organisations.
  • Performed capability and gap assessments of governance, risk and security functions
  • Implemented Information Security Management Systems in accordance with ISO27001 leading to successful certification.
  • Delivered annual information security programs for clients in the public and private sectors.
  • Development and delivery of enterprise-wide security awareness training programs.
  • Reviewed and updated Business Continuity and incident response capabilities.
  • Oversaw multiple engagements with key clients to deliver business aligned information and IT security services.