Paras Shah

Paras has over fifteen years' experience in business and technology consulting. He specialises in IT governance, risk management, assurance, information security and business process improvement.

Paras has provided consulting and advisory services to a wide range of commercial, public sector, educational and not-for-profit organisations, solving business and technology problems in areas such as business and IT strategy alignment, risk management, governance, IT capability maturity assessment, management systems, information security, business continuity, and process and business improvement.

He is a Certified Trainer and Certification Assessor for management systems certifications including ISO 27001 (Information Security), ISO 9001 (Quality), ISO 20000 (IT Service Management) and ISO 22301 (Business Continuity). He has trained over 300 IT and security professionals for IT certifications across Australia, South Asia, the Middle East and India.

Some of his recent involvements include:

  • ISACA Framework Committee Member (2012-current)
  • Vice President, ISACA Sydney Chapter (2012-current)
  • Member of Standards Australia's Quality Management Committee 'QR-008', responsible for the ISO 9000 family of standards
  • Member of Standards Australia's Security Techniques Sub-committee 'IT-012-4', responsible for the ISO 27000 family of standards and related standards

  • Project Manager and Principal Author of the IT Risk Management Whitepaper published by the ISACA Sydney Chapter earlier this year;
  • Reviewed IT capability and operating models to optimise IT performance and value for various organisations;
  • Evaluated business and IT strategies to re-align IT investment priorities for both commercial and government organisations;
  • Developed IT risk management and information security frameworks for various organisations;
  • Implemented a business continuity framework as part of an ISMS (ISO 27001 implementation);
  • Evaluated business impact assessments and tested business continuity plans;
  • Developed an IT portfolio management framework and methodology for an educational organisation;
  • Developed IT resource management strategies for commercial as well as educational organisations;
  • Implemented Information Security Management Systems in accordance with ISO 27001 for various organisations and led them to successful certification;
  • Reviewed security architecture and established metrics for management reporting;
  • Implemented a quality management system (ISO 9001) for a technology team and achieved certification with zero non-compliances; and
  • Conducted certification assessments against the ISO 27001, ISO 9001 and ISO 20000 standards.

His areas of expertise include:

  • Business and IT strategy,
  • Business architecture,
  • Investment prioritisation,
  • Performance measurement,
  • Resource optimisation,
  • IT Governance,
  • IT Risk Management,
  • Information Security,
  • Business continuity & Disaster Recovery,
  • Assurance,
  • Compliance assessments, and
  • Process and business improvements.

Qualifications:

  • B.Com., CA

Certifications:

  • ISO 9001 Lead Auditor
  • ISO 27001 Lead Auditor and Certified Implementer
  • ISO 20000 Lead Auditor and Certified Implementer
  • ISO 22301 Implementer