Available for select advisory engagements

Securing trust in third-party ecosystems.

I'm Calvin Louw — a Senior Digital Risk Consultant helping organisations across finance, insurance, manufacturing and technology design and operationalise Third Party Risk, Information Security and Privacy programmes.

About

A risk practitioner who builds programmes that scale.

For over six years I've helped enterprises design, implement and optimise risk management programmes — translating regulatory pressure and emerging threats into pragmatic controls that the business can actually live with.

My focus is at the intersection of Third Party Risk, Information Security and Privacy — where I lead managed service teams, configure platforms like Phinity and UpGuard end-to-end, and help clients move from one-off assessments to continuous, automated risk operations.

I'm currently based in Johannesburg, presenting at industry events such as ITWeb on emerging topics including AI in TPRM, and certified across CISM, SSCP, CC, ITIL 4, ISO 27001 and ISO 31000.

Based in
Johannesburg, South Africa
Currently
Mobius Consulting
Languages
English (Native), Afrikaans
Education
BCom Hons (Cum Laude), UJ
Expertise

Practice areas built around measurable outcomes.

Third Party Risk Management

End-to-end TPRM frameworks across governance, operations and tooling — from policy design through to managed service delivery using Phinity and UpGuard.

  • TPRM frameworks & operating models
  • Phinity end-to-end configuration
  • UpGuard monitoring & workflows
  • Vendor assessments & remediation

Information Security

Practical security controls aligned to ISO 27001 and broader cybersecurity frameworks — with a focus on enabling, not blocking, the business.

  • ISO 27001 gap analysis
  • Control implementation
  • Security training & awareness
  • Identity & Access Management

Information Privacy

Privacy remediation programmes that move organisations from paper compliance to operationalised data protection across the data lifecycle.

  • Personal information inventories
  • Privacy notices & internal policies
  • Retention schedules
  • Privacy-aligned contractual clauses

Risk Governance & Compliance

Enterprise risk governance grounded in ISO 31000 — turning risk frameworks into repeatable, auditable processes the executive can trust.

  • Risk operating models
  • Policy & procedure design
  • Regulatory alignment
  • Remediation roadmaps

Cloud Risk Assessment

Risk-led evaluation of cloud and SaaS providers — identifying exposure, contractual gaps and operational dependencies before they become incidents.

  • Cloud provider risk reviews
  • SaaS due diligence
  • Shared responsibility mapping
  • Continuous monitoring

Business Process & Delivery

Business analysis and Agile delivery skills that ensure risk and security work lands cleanly inside delivery teams — not stuck in slide decks.

  • Business process analysis
  • User stories & acceptance criteria
  • Agile project management
  • Stakeholder enablement
Industries served

Trusted across regulated and high-stakes sectors

Finance
Insurance
Manufacturing
Technology
Experience

A career compounding in digital risk.

Jul 2023 — Present · Johannesburg

Senior Digital Risk Consultant

Mobius Consulting South Africa
  • Lead the design and implementation of TPRM frameworks across multiple enterprise clients.
  • Configure and operate Phinity Risk Solutions end-to-end, and run UpGuard vendor monitoring & assessment workflows.
  • Develop and operationalise TPRM policies, standards and procedures aligned to regulatory requirements.
  • Deliver scalable TPRM managed services combining automation tooling with manual risk assessment.
  • Run privacy remediation programmes — PI inventories, notices, retention schedules and contractual clauses.
  • Conduct ISO 27001 gap assessments and drive remediation roadmaps to completion.
TPRM · Phinity · UpGuard · ISO 27001 · Privacy

Jul 2021 — Jun 2023 · Johannesburg

Digital Risk Consultant

Mobius Consulting South Africa
  • Delivered information security and third-party risk engagements across finance and insurance clients.
  • Supported framework rollouts, vendor assessments and remediation tracking.
  • Contributed to managed service delivery and tooling configuration.
Information Security · TPRM · Assessments

Jan 2020 — Jun 2021 · Johannesburg

Associate Consultant

Mobius Consulting South Africa
  • Foundational consulting role — supporting risk assessments, documentation and stakeholder workshops.
  • Built up core skills across IS, Privacy and BPA that underpin current practice.
Risk Assessment · BPA · Documentation

Jan 2019 — Dec 2019 · Johannesburg

Student Assistant

University of Johannesburg
  • Supported academic staff and student programmes while completing BCom Honours in Information Management.
Academia · Mentoring

Selected clients

Trusted by names that define their sectors.

From the largest insurers and banks in South Africa to global brands and professional-services firms — here are some of the organisations I've helped operationalise risk, security and privacy.


Insurance & Risk

Short-term, life, health & alternative risk
Hollard
Old Mutual Insure
Old Mutual ART
OUTsurance
Discovery
Sanlam
Santam
Brolink
MiWay

Banking & Financial Services

Retail, private & institutional
Nedbank
Investec
Curo Fund
Citadel

Telecommunications & Technology

Connectivity & venture innovation
Vodacom
Next176

Professional & Legal Services

Advisory, audit & legal
Webber Wentzel
BDO
Remgro Management Services

Consumer & Industrial

Global brands & SA manufacturing
Adidas
IngrainSA

Trusted by experts.
Delivered for leaders.

Engagements were delivered under Mobius Consulting. Client details listed with discretion; all engagement specifics remain confidential.

Highlights

Selected achievements.

01

Managed Services Leadership

Led a team of consultants on managed-service TPRM engagements, scaling assessment throughput across multiple enterprise clients.

02

ITWeb 2024 Speaker

Presented at ITWeb in 2024 on the practical application of AI in Third Party Risk Management — exploring where automation actually moves the needle.

03

100% Phinity Rollout Success

Successful implementation of Phinity Risk Solutions across every client engagement to date — a clean track record on platform delivery.

04

Automation-Led Cost Savings

Implemented and automated TPRM programmes that delivered measurable cost savings in both time and budget for clients.

Credentials

Certifications & education.

Certifications

  • CISM: Certified Information Security Manager
  • SSCP: Systems Security Certified Practitioner
  • CC: Certified in Cybersecurity
  • ISO 27001: Foundation Certification
  • ISO 31000: Risk Management Guidelines
  • ITIL 4: Foundation Certification

Education

BCom Honours in Information Management (Cum Laude)

University of Johannesburg · 2019

BA Public Management and Governance

University of Johannesburg · 2015 – 2018

Memberships

ISC2

International Information System Security Certification Consortium

Toolkit

Platforms & frameworks I work with.

Phinity Risk Solutions
UpGuard
ISO 27001
ISO 31000
ITIL 4
POPIA / GDPR
Agile / Scrum
IAM
Off the clock

Outside of risk, I'm outside.

Continuous improvement runs through everything I do — Kaizen at the office, casts on the water at the weekend. When I'm not configuring TPRM workflows you'll find me deep in a campsite, on a riverbank, or down a rabbit hole of new music.

Camping
Fishing
Music
Kaizen
Get in touch

Have a risk programme that needs grown-up hands?

Whether you're rolling out TPRM from scratch, hitting an ISO 27001 milestone, or trying to operationalise privacy — let's talk.