Dr. Priyanka Sunder (PD) Strengthens Cybersecurity Leadership for Women on International Women’s Day
In the ongoing pursuit of gender parity within the cybersecurity sector, Dr. Priyanka Sunder (PD) exemplifies two decades of impactful leadership. A distinguished cybersecurity strategist, she has cultivated a career at the crossroads of governance, risk, and compliance (GRC), successfully navigating complex digital transformations across nine countries and playing pivotal roles in Big 4 advisory boardrooms.
As the Co-founder of CHRIO SecureMojo and a National Cyber Security Scholar, Dr. Sunder brings a wealth of expertise to discussions surrounding GRC, cloud security, and enterprise resilience. Her accolades, including Cybersecurity Leader of the Year 2025, Top CISO 2023 (BFSI), and Global 200 Women Power Leader, underscore her technical proficiency and a leadership philosophy grounded in empathy, continuous learning, and servant leadership.
Evolution of Women in Cybersecurity Leadership
Women in cybersecurity are increasingly recognized for their unique contributions to strategy and problem-solving. Dr. Sunder emphasizes that qualities such as empathy, patience, determination, and attention to detail are not merely soft skills; they are vital enablers of effective cybersecurity. These attributes assist in identifying root causes, ensuring comprehensive risk remediation, and enhancing decision-making processes.
By transforming challenges into opportunities and venturing beyond comfort zones, women in cybersecurity can develop cross-functional skills and foster a collaborative culture. Dr. Sunder notes that women leaders excel in servant and situational leadership, which builds trust and collaboration among teams, inspiring future generations to view cybersecurity as a calling rather than just a career.
The Role of GRC in Today’s Threat Landscape
Reflecting on her two decades of experience, Dr. Sunder highlights a significant evolution in how organizations approach GRC. Initially, compliance was often viewed as a box-ticking exercise. However, the understanding has shifted to recognize that cybersecurity hygiene is a cornerstone of enterprise resilience. Today’s organizations are no longer asking, “Have we been compromised?” but rather, “How prepared are we, and how quickly can we recover?”
GRC frameworks now play a crucial role in conducting periodic maturity assessments, utilizing Information Security scorecards, and integrating business continuity testing. A robust cybersecurity training and awareness framework is essential, as it can mitigate up to 90% of risks stemming from human error.
Aligning Compliance Frameworks Without Sacrificing Agility
As organizations navigate multiple compliance frameworks, such as NIST, ISO 27001, RBI, MAS TRM, and GDPR, Dr. Sunder emphasizes the importance of secure code development and configurations. These foundational elements support the safe adoption of emerging technologies like artificial intelligence (AI), operational technology (OT), and cloud computing. This approach fosters operational excellence while ensuring that information security remains agile and conducive to collective transformation.
Prioritizing Cloud Security Controls
In the context of cloud environments, Dr. Sunder identifies several critical controls organizations must prioritize. These include mitigating vendor dependency, ensuring data localization for compliance, maintaining robust backup strategies, preventing security misconfigurations, and implementing strong key management practices. A phased migration strategy, coupled with proactive measures, can significantly enhance cloud security and facilitate smoother transitions.
Building a Strong Security Culture
Dr. Sunder asserts that strong leadership commitment is fundamental to cultivating a robust security culture. When management consistently demonstrates secure behaviors—such as using multi-factor authentication and reporting suspicious activities—it reinforces the notion that cybersecurity is a shared responsibility across the organization.
Training initiatives should be continuous, engaging, and tailored to specific roles. Approaches like bite-sized learning, phishing simulations, secure coding workshops, and fraud prevention sessions can help employees internalize security practices effectively. Appointing “security champions” within departments can further enhance collective influence, creating an environment where employees feel safe reporting mistakes without fear of retribution. Together, these strategies empower staff to become the organization’s most formidable line of defense.
Identifying Risk Management Gaps
Drawing from her extensive experience in IT advisory and financial services, Dr. Sunder identifies several common risk management gaps within enterprises. These include a lack of robust GRC solutions for effective risk and compliance management, inadequate cybersecurity awareness among employees and vendors, and insufficient integrated patch management for real-time visibility and timely remediation. Other recurring issues involve weak change management practices, cloud security vulnerabilities, and insufficient access controls.
Communicating Risk Posture to Stakeholders
To effectively communicate risk posture and investment priorities to executive stakeholders, Dr. Sunder emphasizes the need to present information in quantifiable terms. Business leaders are primarily focused on numbers and the broader organizational picture. Therefore, articulating the financial implications of risk mitigations, GRC benefits, and cybersecurity impacts—such as potential financial losses and reputational damage—is crucial.
Quantitative risk assessment models and GRC solutions can provide insights into the financial impact of control gaps, measurable returns on investment (ROIs), and key risk indicators (KRIs) and key performance indicators (KPIs). This approach offers senior management a clear understanding of cybersecurity’s value, facilitating informed decision-making.
Encouragement for Aspiring Women Professionals
Dr. Sunder encourages aspiring women in GRC and cybersecurity to view challenges as opportunities for growth. Her journey has been marked by overcoming biases, managing burnout, and achieving significant breakthroughs. She believes that growth can be both intrinsic and extrinsic, lateral and linear. By stepping outside their comfort zones, women can develop cross-functional skills and contribute to a cohesive team culture. Continuous learning has been a cornerstone of her career, and she advocates for women to adopt this mindset to build resilient, long-term careers in cybersecurity.
According to publicly available reporting, Dr. Priyanka Sunder’s insights reflect the evolving landscape of cybersecurity and the critical role women play in shaping its future.
For the latest cybersecurity developments, threat intelligence, and breaking updates from across the Middle East: Middle East
