Focal Point Grows IRM Practice, Adding Top Big 4 Expert

February 3, 2020

David Graff Press ReleasePhiladelphia – Focal Point Data Risk, LLC (“Focal Point”), a leading cybersecurity services provider, today announced the addition of David Graff as Managing Director of Integrated Risk Management services. Graff joins Focal Point from KPMG, where he served as a Director in the Philadelphia Internal Audit and Enterprise Risk practice.

Graff is a widely recognized expert in strategic risk management and internal audit, having led dozens of large-scale enterprise risk management (ERM), governance, risk, and compliance (GRC), and Sarbanes-Oxley (SOX) compliance engagements for Fortune 500 companies in the healthcare, utilities, and financial services sectors. He has also held various executive leadership roles in industry, including as the CAE of a large, publicly traded water utility.

“IRM and GRC are two of the fastest-growing sectors in risk management,” said Focal Point CEO Brian Marlier. “By adding a leader of David’s caliber, we have strengthened our ability to drive this market, develop complementary solutions, and support our clients through transformative risk management initiatives. I’m excited to have him on the team and look forward to the continued growth of our IRM services line.”

Graff’s addition comes at an opportune time for Focal Point. Gartner estimates the combined IRM market will reach $8 billion by 2021, up from just over $5 billion in 2017. At the same time, the IRM solution market has seen a flood of new software, as well as several high-profile acquisitions. With a market as dynamic as IRM, the need for strategic guidance has never been higher, and Focal Point continues to position itself as a leading-edge IRM advisor for the Fortune 500.

“I’m excited to join the world-class team of cybersecurity and risk management experts at Focal Point,” Graff said. “IRM is in a period of rapid acceleration, and Focal Point has the unique ability to support the people, process, and technology needs of today’s IRM initiatives.”

Focal Point offers strategic selection, consulting, integration, and maturation services for the leading solutions in integrated risk management. Focal Point often pairs this IRM experience with deep domain-specific expertise in cybersecurity, data privacy, vendor risk management, internal audit, and identity and access management in order to integrate IRM with other business applications, rapidly mature risk management processes, and improve risk visibility across the organization. For more information on Focal Point’s IRM services, please visit

About David Graff

David Graff is the Managing Director of Integrated Risk Management at Focal Point, where he leads ERM, IRM, and internal audit engagements in Philadelphia and across the Northeast. He has 20 years of experience, both in industry and professional services roles. Prior to Focal Point, David was a Director in KPMG’s Philadelphia Internal Audit and Enterprise Risk practice. His varied industry experience includes serving as the Chief Audit Executive for the largest publicly traded U.S. water and wastewater utility. He has deep experience in external reporting processes, process improvement and control methodologies, information system processes and implementations, operational processes and controls, internal audit methodologies, and strategic risk management. David is an active member of the enterprise risk and internal audit community, as well as being a Certified Public Accountant and Certified Internal Auditor.


Follow Focal Point Data Risk

About Focal Point Data Risk

Focal Point Data Risk, a leading cybersecurity services provider, helps companies secure the future of their business. By integrating market-leading consulting, technology integration, and cyber workforce development services, Focal Point provides an end-to-end solution for security leaders looking to future-proof their companies against threats, changing data protection laws, and growing workforce shortages. From the server room to the board room, Focal Point enables companies to build stronger, smarter, and more resilient cybersecurity programs that can scale at the pace of business growth. Focal Point works with the largest and most innovative companies in the U.S., including 6 of the top 10 companies by revenue and more than half of the Fortune 50. For more information about Focal Point, please visit