xGRC® was founded in late 2017 by Dr. Georg Thomas who, after working in New York for several years as a consultant and auditor, saw the need for a better (not spreadsheet) and more affordable way to manage governance, risk, compliance, and auditing within organisations.

Georg is a risk and information security professional with over two decades of experience. Based in Melbourne, Australia, Georg has worked with organisations of all sizes and industries.


  • Legal and professional services
  • Property and Construction
  • Financial Services and Insurance
  • Retail and FMCG.

Organisation Types

  • ASX Top 200
  • Fortune 500
  • AMLAW 100
  • Startup, SMB, SME.

Education & Certifications

  • Doctor of Information Technology
  • Master of Management (InfoTech)
  • Bachelor of Information Technology (SysAdmin)
  • PECB Certified ISO 27001 Lead Auditor
  • PECB Certified ISO 27001 Lead Implementer
  • OCEG Certified GRC Auditor
  • OCEG Certified GRC Professional
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • Lead Auditor, Quality Management Systems (ISO 9001)


  • Microsoft Most Valuable Professional (MVP) – 2014, 2015, 2016.