Risk Management Consulting
 

Risk management professionals providing resilience and confidence in an uncertain world

Risk management consulting, information and cyber security and regulatory compliance.

Resilience and confidence in an uncertain world

Change and risk are inevitable; they are part and parcel of today’s dynamic operating landscape. Evolving technologies, world events and social and political shifts present opportunities and stimulate innovation, but they also mean the environment companies operate in is increasingly volatile and uncertain. New threats to organisations’ ability to deliver on their promises appear every day, both externally and within their own systems, processes and organisation. Organisations that stand still and don’t address the ever-evolving nature of the risks they face, become increasingly vulnerable.

With first-hand, deep sector experience and specialised risk advisory expertise we help our customers identify and assess the risk potential and build in resilience. Our customers can confidently undertake change programmes, embrace innovation and meet strategic objectives.

Discover more about our work

Risk Management Professionals

Our promise

Xcina Consulting will advise and support you with services to mitigate and manage risks and enable the highest levels of organisational resilience. Our risk management professionals will help ensure your organisation is best placed to achieve your strategic objectives with expert assistance to navigate an ever-changing operating, regulatory and technological environment. We will deliver excellent quality, value driven services tailored to your specific needs. We will act with speed and agility to meet your requirements and those of the regulatory context you operate within.

Our journey so far

 
Xcina Timeline

What our clients say

Xcina have helped us navigate the complicated world of data protection and their vDPO service has been great for a business like ours, which is tool small to have our own internal full-time resource but requires a high level of corporate and technical expertise when needed. We have found them very easy to work with, they blend flexibly with great people and good communication solutions in place. Xcina have been an asset our business.

Chief Operating Officer. Quadrangle Research Group

Discover how we have supported businesses like yours >>

 

Lindsey Domingo

Senior Director
LinkedIn >>
T: +44 (0)203 745 7826

 

Roger Greyling

Information Security Senior Consultant
LinkedIn >>
T: +44 (0)2037 457 842

 

David MacPhail

Information Security Senior Consultant
LinkedIn >>
T: +44 (0)20 3745 7820

 

Andrew McClelland

Senior Data Protection Consultant
LinkedIn >>
T: +44 (0)7837 392963

 

Kathy Zhai

AI Consultant
LinkedIn >>
T: +44 (0)7485 366 128

Lindsey Domingo

Xcina Management Team

Lindsey is a Senior Director at Xcina Consulting as well as the Data Protection Officer of Shearwater Group plc. He has 30 years’ experience, mainly in governance, risk and regulatory advisory roles based in the UK, continental Europe and emerging markets.

Lindsey is a Chartered Accountant, Certified Information Systems Auditor, and holds qualifications in GDPR, Governance, Risk & Compliance, Executive Coaching & Mentoring as well as Project Management.

He has led risk and compliance assurance advisory and change projects across financial and industrial sectors, and managed entire markets, with responsibility for developing teams, growing the practice, and delivering risk advisory, assurance, change management and regulatory projects. Lindsey also leads our Audit & Compliance practice.

Roger Greyling

Xcina Management Team

Roger leads our PCI practice. Roger is a Senior Consultant and PCI DSS Qualified Security Assessor (QSA)in Xcina’s Information Security Consulting Team. He has 18 years of experience in information security auditing and PCI compliance.

 

In addition to being a PCI QSA, Roger holds a BSc (Hons) Information Security and security credentials including ISACA’s CISA and CISM certifications and ISC2’s CISSP certification.

 

Roger is adept at leading compliance initiatives and enjoys helping organisations navigate their journey toward complying with the Payment Card Industry Data Security Standard (PCI DSS). As a trusted adviser and relationship builder, he is accustomed to working across all organisational levels and collaborating with teams to engineer practical solutions.

David MacPhail

Xcina Management Team

David leads our Cyber Maturity practice.  During his 15+ years in cyber security practices, David has delivered information security consultancy for many high-profile clients, most notably as a PCI DSS QSA. 

He has assisted a wide variety of organisations in securing their information assets and applications and achieving and maintaining compliance with industry standards.  David has extensive international and UK-based experience delivering security consultancy assignments.

Prior to specialising in security consultancy and the PCI DSS, he was engaged with a Managed Security Services provider and has extensive experience in network architecture, SOC / SIEM, firewall design, implementation, rules reviews, vulnerability (including ASV) scanning and penetration testing delivery.  David is also a CISSP and ISO27001 Lead Auditor.

Andrew McClelland

Xcina Management Team

Andrew has a background spanning commercial, compliance and public policy roles, enabling him to understand business drivers and balancing these with the organisations data protection responsibilities.

Andrew’s commercial background includes product management in the telecoms sector, looking after mobile and broadband launches, customer services provision and the end-user proposition. Additionally, his commercial work includes advising retail, healthcare and hospitality sectors on the use of digital channels for domestic and international market growth.

Public policy activities include representing business interests to the EU, encompassing the full consultation process that led to the launch of General Data Protection Regulations, working with Government departments to help them understand the business implications on a range  of legislation, and trade groups on the development of initiatives such as PCI-DSS, PSD (2), ‘Chip-n-Pin’ and Contactless Payments. Andrew’s work included launching the first retail business forum on payments fraud and cyber security, contributing to the Government paper that led to the first investment into Cyber Security and advising businesses when they had been impacted by DDOS attacks.

Combining this commercial and policy expertise, Andrew has extensive experience in providing external Data Protection consulting services. Ranging from initial gap analysis review work through to remediation activities and virtual Data Protection Office services (vDPO), his experience is utilised  by a variety of organisations across sectors as diverse as Retail, Technology, Healthcare, Hospitality and Real Estate. This experience also includes successful interactions with the ICO following data breach project management, reporting and investigation. Andrew’s advice provides a pragmatic approach to compliance activities delivered with a defensible mindset.

Kathy Zhai

Xcina Management Team

Kathy is an ISO 27001 and ISO 42001 Implementer with experience in implementing Artificial Intelligence Management Systems. She has a strong track record of optimising organisational efficiency and providing seamless support to Xcina clients. Kathy possesses exceptional communication and interpersonal skills, which foster collaborative relationships with internal and external stakeholders. She is also known for effectively and efficiently implementing and managing administrative processes as well as maintaining a high level of confidentiality and discretion in handling sensitive information.

 

Our core principles

 

Risk Management Consultants

We create pragmatic solutions that deliver client value

We are focused on delivering the right outcome for our clients, fulfilling varying requirements from organisations facing rapid change across multiple sectors, large corporates, not for profit, small and medium-sized enterprises looking for impactful solutions.

Risk Management Consultants

In-depth experience

We have a dedicated team of risk management professionals, bringing together the best of breed and great minds with a multi-disciplinary expertise, enabling us to act faster and smarter. Each consultant has a minimum of 10 years’ experience and has held Senior or Executive Management roles.

Risk Management Consultants

Focus on partnering

We take an integrated approach and operate as an extension of our clients’ teams, establishing deep longer-term relationships. Everything we deliver is tailored to our clients’ individual needs and we share and hand over the intellectual property and deliverables created during a client’s project.

Risk Management Consultants

Honest and transparent

We promote an ethical culture, demonstrating high standards and objectivity. We keep our commitments and are nothing but honest when we are not in a position to meet a requirement.

Our values

Everything we do as an organisation is underpinned by our values. Our culture, our service delivery and our leadership demonstrate the principles that we hold at the core of our business.

We believe that diversity and inclusion bring exciting opportunities, that innovation holds the key to tomorrow’s accomplishments and that integrity is a fundamental standard.

The relationships we build with our people, our partners and suppliers and the communities we work in are born of the utmost respect, and our clients’ ambitions are the driving force behind each and every project we undertake.

Risk Management Professionals
Risk Management Professionals

Sustainability

Protecting our environment

We take seriously our responsibility to understand the impact our activities have on our environment and to take steps to minimise, and eliminate wherever possible, waste, pollution, energy and physical resources and, crucially, greenhouse gas emissions.

All electronic devices are turned off at night. We hold meetings virtually instead of face to face wherever possible. We do not use company cars and encourage our people to use public transport. We recycle as many consumable materials as possible. We source equipment with the lowest power usage that is practical and always recycle redundant hardware.

We ensure all business processes are in line with current legislation and best practice environmental management systems. The Shearwater Group including Xcina Consulting is carbon neutral.

Risk Management Consultancy

Supporting our team

Nothing is more important to us than our people. We work hard to create a working environment that promotes their wellbeing, provides fulfilment and development and aligns with the social and environmental initiatives that they support.

Although current working modes mean that they are often physically apart, we facilitate regular contact and involvement across all our team members both professionally and socially. We actively support our people to live well, with programmes designed to enhance their happiness, healthiness and engagement at work. Training and career development opportunities are provided both as company-wide initiatives and in specific areas for different staff. We value everyone in the organisation as an individual and all are encouraged and supported to succeed regardless of their age, disability, race, religion, gender and sexual orientation.

Robust governance

Our diversity, breadth of experience and expertise in risk management and operational controls provides a strong platform from which to ensure a rigorous and robust governance is applied by our leadership. We are especially committed to ensuring that our environmental and social initiatives are able to evolve and grow and continue to have a positive impact on our people, the environment and the communities we work with within.

Risk Management Professionals
Risk Management Professionals

Working for Xcina

At Xcina Consulting you’ll be part of a team of passionate, talented risk management professionals and a culture that values every individual’s background and contribution. We are a dynamic and growing risk management consultancy with excellent opportunities for development for ambitious individuals looking for their next challenge.

Learn more about working at Xcina and see our current opportunities >>

Shearwater Group plc

The Shearwater Group PLC

Shearwater Group plc is an award winning organisational resilience group of forward thinking companies that address the complexities and challenges that enterprises need to meet if they are to survive, evolve and succeed in an ever-expanding, global, digital business environment. Providing cyber security, advisory and managed security services, we help assure and secure businesses in a connected global economy.

Shearwater Group Board >>

Shearwater Group results and presentations >>

Shearwater Group Companies

Brookcourt

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

Pentest

Pentest provides research-led penetration testing, red teaming, and offensive security consultancy services designed to uncover IT security vulnerabilities, support ongoing information security efforts, and to increase the digital resilience of your organisation.

SecurEnvoy

SecurEnvoy provide trusted identity and access management solutions to millions of users in real-time. Across five continents, our customers benefit from rapid deployments that scale through instant provision, simplicity of use and ease of management. The company also provide Data Discovery, data extraction and data loss prevention solutions, services and technologies to discover, classify and protect sensitive data and information in the cloud and on-premise.

Awards and accreditations

 

       

The industry accolade for Cyber Security and Compliance was awarded to Xcina Consulting in 2022 and 2021 by the Computing Security Magazine, based on public votes.

The British Standards Institution (BSI) Associate Consultant Programme (ACP) connects organisations with independent consultants that can provide the expert advice they need.

Risk Consultancy Awards

Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.

Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme, a government backed scheme to help to protect your organisations against the range of most common cyber attacks.

Risk Consultancy Awards

IASME Governance Audited (sometimes known as IASME Gold) is an independent on-site audit of the level of information security provided by the organisation. IASME also provides a certification to demonstrate that the organisation has taken into account the requirements of the General Data protection regulation (GDPR) and IASME Quality Principles.

Risk Consultancy Awards

The Shearwater Group including Xcina Consulting is carbon neutral certified.

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>