Technology Transformation


Threats to cybersecurity and business continuity are rising across the globe. Regulators are stiffening privacy policies and requiring companies to certify their compliance. This puts enormous pressure on the role of Chief Information Security Officers (CISOs). It falls to the Chief Risk Officer, the CISO or the General Counsel to establish data governance and security policies, ensure the company is up-to-date in its cybersecurity safeguards, pro-actively develop ransomware and business continuity plans, and to establish and test disaster recovery readiness.

FTI has developed an offering called the “Office of the CISO” to help executives in these complex and inter-related task. We can provide any or all of the services below, and even act as your CISO on a retainer basis, if needed.

Our Office of the CISO Services:

Cybersecurity Preparedness & Response

  • Cybersecurity assessment
  • Cybersecurity improvement roadmap and implementation
  • Prepare Incident Response Plan (IRP) including internal and external communication
  • Security policies
  • Governance
  • Ongoing penetration testing
  • Strategic communications planning and event response

Information Security and Governance

  • Establish global governance across domains, functions, and business units
  • Develop and foster best practices
  • Audit and report to the board

Data Protection and Regulatory Compliance

  • Protect PII and other data
  • Ensure regulatory compliance to GDPR, CCPA, PCI and HIPAA
  • Development and support of Enterprise Data compliant Architecture, Products and Platforms, and Processes
  • Enterprise data management
  • Data breach escalation and communication strategy
  • Data breach even communications

Business Continuity

  • Business continuity assessment
  • IT disaster recovery and business continuity / contingency design
  • Roadmap development to achieve continuity readiness
  • Continuity testing
  • Strategic communications planning and event response

Regulatory Compliance

Growing data privacy and cybersecurity concerns have led to an increase in legislation and regulation, which often involve demanding requirements. FTI Consulting’s Compliance services are focused on ensuring that your organization meets its unique compliance requirements while maximizing the return on cybersecurity investment.

The web of potentially overlapping compliance and regulatory regimes that call into play cybersecurity matters can be daunting, but FTI Consulting experts leverage a global network to support clients with conducting a regulatory gap assessment to identify necessary changes that need to be made to achieve compliance; assessing the client’s data environment, security infrastructure and existing cybersecurity policies, procedure and processes; designing a control development and revision strategy that will recommend technology solutions, human resources and policy changes; and, aiding in the implementation of recommended solutions to achieve compliance.

Regulatory Compliance in Action:


A security breach resulted in an investigation by the Office of Civil Rights (OCR).


We were engaged to help manage breach communication and documentation and to develop a robust privacy and security program to protect against future compliance risk.


We provided a rapid, initial assessment of the existing privacy and security program, followed by a formal risk assessment report that included specific findings and recommendations. Our recommendations allowed our Client to strengthen their privacy and security program to meet the requirements of HIPAA and HITECH.

Contact Our Experts

David Dunn

Managing Director

Forensic & Litigation Consulting

Pratyush Lal

Managing Director

Corporate Finance



IT Best Practices for Building COVID-19 Resilience

The pervasive presence of IT in nearly all operations warrants continued and decisive leadership attention as portfolio companies and support businesses address the impacts of COVID-19. Building resilience to get through the pandemic and beyond involves focusing on three key areas.


Robotic Process Automation: How to Successfully Stand up a Digital Workforce

With a recent surge in adoption of Robotic Process Automation, many midsize companies are asking how they can get in on the action. Here’s what they’ll need to successfully implement this back-office transformation accelerator.


IT Best Practices for Building COVID-19 Resilience

A well-defined FP&A technology infrastructure is key to improving business performance.