hero banner
Daniel Farthing

Daniel Farthing

We are excited to expand our cyber risk services, which includes helping clients with the APRA standard for Information Security (CPS 234). In this space, we work with both regulated entities and vendors who are trying to sell into the market. In both situations, these organisations are looking to uplift their security control environments and ultimately build trust across the financial ecosystem, which is what we help to deliver for our clients.

Partner – Consulting
Risk Consulting

Daniel is a cyber security risk and technology controls Partner based in Grant Thornton's Sydney office. With 15 years of experience in the United States and Australia, Daniel is one of the market's leading experts on SOC-2 and technology controls audits more broadly – including reviews with a focus on cyber/information security, access, change management, data governance and processing integrity.

Currently, Daniel spends the majority of his time assisting clients to implement and respond to regulatory changes including APRA's CPS 234 - Information Security, the Security of Critical Infrastructure Act 2018 and the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022. In addition, he helps clients to mature their information security control frameworks to meet client or better practice frameworks.

Prior to joining Grant Thornton, Daniel spent 11 years with PwC working with some of the largest and most complex organisations in the world. He specialises, however, in simplifying and 'bringing to life' the various controls frameworks with practical examples and actionable insights that provide real value to organisations of all sizes. This allows clients to spend less time interpreting the requirements and more time focusing on achieving their strategic objectives.


  • Information Security Frameworks, Regulations and Legislation
    • SOC 2 (Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity and Privacy)
    • APRA's CPS 234 - Information Security
    • ISO 27001:2013
    • NIST SP 800-53
    • Australian Energy Sector Cyber Security Framework (AESCSF)
    • ACSC Essential 8
    • NSW Cyber Mandatory 25
    • Security of Critical Infrastructure Act 2018 (SOCI)
    • Security Legislation Amendment (Critical Infrastructure Protection) Act 2022
  • Other Regulatory and Control Frameworks
    • Guidance Statement (GS) 007
    • ASAE 3402 (SOC 1) / ASAE 3150
    • CPS 231 - Outsourcing
    • CPS 232 - Business Continuity Management
    • CPG 235 - Managing Data Risk
  • Bachelor of Business Administration (Accounting)
  • Master of Business Administration (Assurance and Audit)
  • Member of Chartered Accountants Australia and New Zealand
  • Certified Internal Auditor
  • Certified Public Accountant (USA)
Read more
Related Events
Daniel Farthing
Get in touch
Daniel Farthing
Meet our People