Implementing GRC in a Complex Global Organization
Purvi Kay of BAE Systems on Unifying GRC and Building Diverse Cyber Talent
Implementing governance, risk and compliance (GRC) in a global organization comes with significant challenges. The complexity increases with sophisticated cyberthreats and an evolving geopolitical landscape. Organizations must stay one step ahead, said Purvi Kay, head of cybersecurity GRC at BAE Systems.
For an organization the scale of BAE Systems, challenges multiply. Nationally, BAE Systems must adhere to the government's regulatory framework, while also considering its international customers. "We don't want our organization doing two different things, so we're trying to bring it all together and have one consistent approach that provides for all our customers," she said. Another key aspect of BAE's strategy focuses on building a diverse talent pipeline and encouraging a collaborative effort.
"One of the biggest things is to understand the stakeholders, understand all parts of the business and their individual needs," she said. "Listening and bringing that together means that we're getting their buy-in from the forefront. So, we're designing these approaches with them rather than telling them what to do."
In this video interview with Information Security Media Group at Infosecurity Europe 2024, Kay also discussed:
- Using AI for GRC automation while ensuring cybersecurity;
- The importance of a unified GRC approach in a global organization;
- Why analytical skills and attention to detail are crucial for addressing complex cyberthreats.
Kay has 14 years of experience across various civil service departments and the U.K. Intelligence Community. She has expertise in cybersecurity, spanning threat intelligence and embedding a security culture within companies. She is also a career mentor and keynote speaker at cyber events.