Meet the expert: Sudha Madhusudhan to speak at #RISK Amsterdam

Taking place at RAI Amsterdam on September 27 and 28, #RISK Amsterdam examines the trends and best practices organisations are employing to navigate today’s rapidly evolving risk landscape.

Sudha Madhusudhan is an Information Security Senior Consultant at FedEx. She has multi-geographic experience with regulatory Exposures from EU Commission Requirements on cybersecurity in Civil Aviation, FFIEC, Dutch National Bank, Reserve Bank of India, and Bank of England.

Sudha will be at #RISK Amsterdam to discuss the limitations of traditional compliance programmes and why organisations should adopt a more comprehensive approach to ensuring a compliant workplace.

We spoke with Sudha about her professional journey and for an introduction into the themes on the table at her #RISK Amsterdam session.

Could you outline your career pathway so far?

I began working as a network engineer after earning my degree in 2006, and I’ve since gone on to providing IT infrastructure services. 

As my career has progressed, I have had the opportunity to work on several quality and security assessments. In 2012, I learned about ISO 27K, and I shifted my work towards information security auditing and consulting. 

As I’ve moved forward in my profession, I’ve been exposed to numerous regulatory requirements for different sectors, including banking, IT, and aviation, as well as industry best practices, like NIST, ITIL, CSI controls, COBIT, ISO27K, and PCI.

What does a more “proactive” approach to compliance mean, and what are the benefits?

Compliance requirements are assessed by the organisation against their policy, standard and regulatory requirements for their business. A proactive compliance approach can be taken by setting up a strategy and practices to prevent regulatory violations and ensure adherence to the law and organisation policy and standards.

A proactive compliance approach includes, but is not limited to, education and training; risk assessment; continuous monitoring, and improvement to adapt to changing regulations and evolving business conditions. By doing so we can reduce the legal and finance risk, early detection of issues, enhancing reputation and improving the operational efficiency.

What primary hurdles do organisations face as they bid to improve compliance culture and processes?

In my opinion, the greatest hurdle is “Resistance to Change”. This includes employees and leadership when it comes to technology enhancement and compliance maturity etc. In addition:

1.       Lack of awareness hinders the compliance efforts

2.       Complexity of evolving regulations, e.g: Aviation cybersecurity requirements

3.       Resistance in reporting non-compliance

4.       3^rd Party risks – Never-ending compliance issues with vendors against organisations’ policies and standards.

We need to have a holistic approach to improve the above hurdles, an approach that includes leadership commitment, ongoing training and communication, a focus on ethical behaviour, robust monitoring and reporting mechanisms, and a willingness to adapt to evolving regulations and industry standards.