We build strong partnerships with exceptional people, superior tools, and a diverse suite of services.
It begins with our customers. As specialists in businesses and institutions operating in high-risk and highly regulated environments, we’ve partnered with clients from the Fortune 50 to boutique companies operating in specialized business environments working both on and offsite. By providing end-to-end delivery of people, process and technology, we free our clients to focus on managing risk and the profitability of their core business.
Whatever your needs and wherever you are in your GRC lifecycle, we have you covered:
- Professional and Advisory Services: Whether you need to build your program from the ground up or are looking for strategic solutions to emerging risk management challenges, our professional and advisory services focus on your unique business model and requirements to find you the right answers.
- GRC Platform Implementation: As RSA Archer and ProcessUnity partners, we provide complete implementation support from planning to post-implementation.
- GRC Platform Integration: Many companies are working with diverse platforms, each with its own database and lexicon. We take your existing siloed platform functions and integrate them for better performance.
- GRC as a Service: Strategically outsourcing part or all of your program management to our experts can save you time and money while making you more effective.
- GRC Managed Services: Augment your existing in-house support resources with our professional implementation, hosting, and program administration services.
- Rescue and Enhancement: You can’t afford to have your risk management program’s functionality compromised when the unexpected happens. We’re here to help when you need us.

Our Team
Our industry experts are here to help. They are happy to be of assistance to make sure that you reach peak efficiency.

Timothy Carbery
Managing Partner
Tim Carbery is a Managing Partner at CastleHill Managed Risk Solutions. CastleHill offers advisory, implementation, and managed services for Regulatory Change Management, Enterprise Risk Management, Third Party, Compliance and other Operational Risk Management disciplines across industries. He leads CastleHill’s strategic advisory and implementation services for inhouse and managed GRC solutions that allow first and second line teams to utilize common information to fulfill their functions. Throughout his career, he has helped top tier clients overcome internal inertia and challenges to remediate high pressure regulatory directives with strategic, sustainable solutions. He also leads CastleHill’s Interact data framework team that provides bi-directional risk data integration between GRC tools like RSA Archer and enterprise systems.
Email Timothy

Michael Duggan
Managing Partner
Mike Duggan is a Managing Partner at CastleHill Managed Risk Solutions, leading CastleHill’s internal operations and the company’s Third-Party Risk practice and Managed Service offerings .He brings more than 25 years of professional experience in global finance, mergers and acquisitions, risk and compliance, and general operations across multiple industries, including high-tech, pharma, professional services, and manufacturing to the company. Throughout his career, he has been able to rapidly shift between day to day management of operations, leading technology projects that support efficient and effective organizational processes, and oversight of post-merger integrations.
Email Michael

Justin Riehl
Managing Principal
Justin is a Managing Principal of Operations and Global Delivery at CastleHill. He is also a Principal Consultant for Governance, Risk and Compliance (GRC) Enterprise Architecture, providing executive support for high profile projects specific to Enterprise Risk, Regulatory Compliance and Third-Party Risk Management systems. In addition to strategic inputs, Justin participates actively on project teams providing Project Management, Data and Systems Integration, Information Assurance Architecture, Systems Development, Data Intelligence Architecture, Analysis and Reporting.
Email Justin
