David Spollen Director, Head of IT Risk, Financial Services Advisory Dublin, City Quay +353 (0)1 680 5955


David is a Director in our Business Risk Services practice within Financial Services Advisory. David specialises in IT risk assurance and advisory services for our clients. He joined Grant Thornton in 2019. Prior to this, he was Head of IT Risk within a pillar Irish bank. Prior to that he was a Senior Manager within a Big 4 firm’s Financial Services (FS) Advisory IT Risk Assurance function.

Sector experience

David has over 13 years’ experience specialising in IT risk assurance and advisory within the financial services industry. He was the Head of IT Risk within a pillar Irish bank for 2.5 years where he reported into the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) during this time.

David was responsible for:

  • all first line of defence IT/technology risk assurance matters;
  • providing independent support and challenge to the CIO and IT Leadership Team;
  • championed risk awareness;
  • promoting risk management across IT to ensure better decision-making; and
  • ensuring the successful rollout of a firm-wide operational risk (including IT risk) management framework and toolset for IT.

David managed all IT controls testing for financial reporting purposes as well as all IT controls testing required more broadly under the firm’s operational risk management framework. He also managed all Group Internal Audit (GIA) support work to IT as well as all IT regulatory-related work (including inspections, questionnaires or ad hoc information requests). He was a single point of contact on IT risk matters across the organisation and drove coordination within IT of all first, second and third line risk and assurance activity, as well as coordination and management of all regulatory and external audit activity for IT.

David also spent 10 years within a big 4 firm’s Financial Services Advisory IT Risk Assurance function where he was a Senior Manager. During this time, David led the provision of IT risk assurance and advisory services to a broad range of indigenous and international/global FS clients across banking, insurance and asset management firms in the areas of IT Risk Management, Payments and IT Resilience, Skilled Person Reviews, IT External Audit, IT Internal Audit, Sarbanes Oxley (SOx 404), Change Management, Access Management, Business Continuity Management, Disaster Recovery Management, Vendor Management, Data Privacy, Data Migration and Service Organisation Control (SOC) reporting.

  • Member of ISACA Ireland
  • Holds professional qualifications in CISA, CRISC, ITIL v3 Foundation, COBIT 5 Foundation and COBIT 2019 Foundation
  • MSc. (by research) in Computer Science from Trinity College Dublin (TCD)
  • B.A. (mod) in Computer Science, Linguistics and French from Trinity College Dublin