Get to know our regional experts

CRI is supported by a regional team of cyber specialists helping organisations quantify, communicate and manage cyber risk in financial and business terms.

Americas

Jason Flannery
Canada
Senior Manager
Jason is a leader in Canada's cybersecurity practice. He brings deep expertise helping public and private sector organisations quantify, understand, and manage cyber risk. Based in Saskatoon, Jason supports clients across the Prairies and works extensively with government, crown corporations, utilities, and financial institutions. He is particularly focused on helping executives use cyber risk quantification to make informed, business‑led decisions and prioritise investments based on measurable risk reduction.
Paul Van De Haar
United States
Director
Paul is a Director in KPMG US’s cybersecurity practice, helping organisations understand, quantify and manage cyber risk in the context of enterprise risk, resilience and business strategy. He works with executive teams to communicate cyber exposure in business terms, strengthen the link between cybersecurity and enterprise risk management, and support the continued growth and adoption of CRI across the US market.

ASPAC

Devruchir Jain
Australia
Partner
Dev is a leader in Australia's cybersecurity practice. He brings more than 20 years of experience helping boards, CISOs, and executive teams quantify cyber risk and translate technical challenges into strategic, decision‑ready insights. Dev supports clients across cyber risk quantification, cyber strategy, AI governance, and regulatory compliance, helping organisations better understand their exposure, evaluate risk treatment options and strengthen cyber resilience.
Motoki Sawada
Japan
Partner
Motoki is the leader of KPMG’s ASPAC cybersecurity practice, bringing more than 25 years of experience in cybersecurity and IT. He has led cybersecurity transformation initiatives in Japan across identity management, security operations, vulnerability management, Microsoft security, and OT security. Drawing on both cybersecurity and risk consulting experience, Motoki helps organisations understand and quantify cyber risk, develop risk-informed strategies and roadmaps, implement enterprise-wide security solutions, and strengthen resilience and recovery capabilities.
Sebastiaan Pronk
New Zealand
Associate Director
Sebastiaan is a leader in KPMG New Zealand’s cyber practice, based in Wellington. He joined the New Zealand firm in 2023 after 11 years with the KPMG UK, where he worked with the CRI team during its early development. Sebastiaan has extensive experience helping organisations in various sectors transform how they measure, quantify and manage cyber risk, expressing exposure in financial terms to inform strategy, resilience investment and supply chain risk management.
Gerry Chng
Singapore
Partner
Gerry is Head of Cyber and Partner with KPMG Singapore, with more than 25 years of experience in cybersecurity and risk management. He advises organisations across Singapore and Southeast Asia on cyber risk quantification, cyber resilience, regulatory compliance and the responsible adoption of emerging technologies such as AI. Gerry also plays a leading role in the wider technology and risk ecosystem, representing Singapore at the ISO committee on AI standardisation and chairing the AI Ethics & Governance Special Interest Group under the Singapore Computer Society.

EMA

Tobias Tiebes
Germany
Leader
Tobias serves as CRI’s point of contact in Germany, bringing more than five years of experience supporting clients across cyber strategy, security transformation, and quantitative risk management. Based in Frankfurt, Tobias helps organisations use cyber risk quantification to demonstrate the business value of cybersecurity, communicate cyber risk in financial terms and align security investments to the areas of greatest risk exposure.
Bert Koelewijn
Netherlands
Partner
Bert is a Partner in the Netherlands’ Cyber & Tech Law practice, specialising in cyber risk, operational resilience and crisis governance. He brings extensive board-level experience in financial services and has led complex cyber and resilience programmes across retail, industrial and public-sector organisations. Bert helps leadership teams quantify cyber and technology risk to support data-backed decision-making that strengthens resilience, enhances governance and responds effectively to an ever-evolving regulatory landscape.
Daniel Sanchez-Carnerero Polo
Spain
Senior Manager
Daniel is a Senior Manager in Spain’s cyber practice, based in Madrid. He has more than 10 years of experience helping organisations quantify, communicate and manage cyber risk. Daniel works with organisations across multiple industries to address complex challenges at the intersection of technology, risk and business, helping organisations communicate cyber risk more clearly to leadership teams and establish a stronger link between technology risk and business outcomes.

Still have questions?

Can’t find the answer you’re looking for? Please chat to our friendly team.