Events , Governance & Risk Management , Infosecurity Europe Conference

Implementing GRC in a Complex Global Organization

Purvi Kay of BAE Systems on Unifying GRC and Building Diverse Cyber Talent
Purvi Kay, head of cybersecurity GRC, BAE Systems

Implementing governance, risk and compliance, GRC, in a global organization comes with significant challenges. The complexity increases with sophisticated cyberthreats and an evolving geopolitical landscape. Organizations must stay one step ahead, said Purvi Kay, head of cybersecurity GRC at BAE Systems.

See Also: Close the Gapz in Your Security Strategy

For an organization the scale of BAE Systems, challenges multiply. Nationally, BAE Systems must adhere to the government's regulatory framework, while also considering its international customers. "We don't want our organization doing two different things, so we're trying to bring it all together and have one consistent approach that provides for all our customers," she said. Another key aspect of BAE's strategy focuses on building a diverse talent pipeline and encouraging a collaborative effort.

"One of the biggest things is to understand the stakeholders, understand all parts of the business and their individual needs," she said. "Listening and bringing that together means that we're getting their buy-in from the forefront. So, we're designing these approaches with them rather than telling them what to do."

In this video interview with Information Security Media Group at Infosecurity Europe 2024, Kay also discussed:

  • Using AI for GRC automation while ensuring cybersecurity;
  • The importance of a unified GRC approach in a global organization;
  • Why analytical skills and attention to detail are crucial for addressing complex cyberthreats.

Kay has 14 years of experience across various civil service departments and the U.K. Intelligence Community. She has expertise in cybersecurity, spanning threat intelligence and embedding a security culture within companies. She is also a career mentor and keynote speaker at cyber events.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.