Delegates and leaders across the breadth of information security and cybersecurity space converged at Dubai for the ControlCase 14th Annual Global Conference held from 17th to 18th January 2025.
Karthikeyan C, Associate Vice President – Head Information Security (GRC), represented Movate as a distinguished guest for the panel discussion on the topic of Navigating IT Compliance Standards; he received the plaque on behalf of Movate for Leadership in Cybersecurity.
The modern ‘compliance’ landscape is complex and overwhelming. Throughout the year, enterprises need to simultaneously undergo certifications, multiple regulations, standards and frameworks to show how they fare against IT compliance and cybersecurity. Organizations today face ‘compliance’ related challenges, and they need to optimize their compliance journey. It’s a key factor for customer and partner trust.
During the panel discussion, Karthikeyan answered key questions from Movate’s standpoint around managing multiple audits/compliances, GRC (governance, risk, compliance) platforms, enterprise data readiness for AI. Here are some insights he shared during the discussion.
Moderator: As an IT and digital services provider for global clients, Movate is subject to multiple audits and manages multiple compliances in the supply chain. How do you manage multiple compliances and what are the challenges?
Karthikeyan: Yes, the ground reality is that Movate is subject to multiple audits. External and internal audits consume plethora of time and effort. For example, ISO 27001:2013, SOC 2 Type II, PCI DSS 4.0.1, Colombia Personal Data Processing, ICO, HIPAA, GDPR, EU-US (DPF) are based on the organizational standpoint and contractual requirements. Preparing for each audit task is time consuming process amounting to almost 6 months in a year for internal and external audits combined. The demands on time and resources are challenging. We can mitigate these challenges by integrating a model or framework with various technologies to bring all audits under one umbrella. We are in the process of implementing it and we’re working towards this goal.
Moderator: Audit fatigue is associated with managing multiple compliances and certifications. There’s also the ‘one-audit approach’. What are your views, and do you think this is a better approach to manage audit-related stress?
Karthikeyan: I see various GRC platforms for integrating various certifications, but this is something new but interesting. At Movate, we tried exploring various platforms for the integration but faced a few challenges: integrating various standards, aligning Movate’s internal policies and processes with various global standards, which was cumbersome. Bringing various standards and policy compliances under a simplified structure of a platform that will deliver on quality and cost-efficiency certainly works.
In the modern compliance landscape, navigating the maze of compliances is akin to juggling while riding a unicycle—A fine balance between multiple requirements and ensuring zero negative impact on business operations is pivotal.
Moderator: AI-led CX transformation – How can AI be used to manage multiple compliances and what are the challenges, benefits that Movate envisions with the use of AI?
Karthikeyan: The first is data-quality for regulatory impact. Enterprise data-readiness is a prerequisite for AI systems. The quality, volume, confidentiality or sensitivity of data is significant in terms of overarching value we derive from AI. Segregating data, ensuring quality of inputs is paramount for enhancing AI’s effectiveness. The second is from a ‘resource’ aspect of people, budget and technology Implementing AI solutions requires careful consideration of several critical requirements.
- AI projects require a team with diverse skills, including data scientists, machine learning engineers, software developers, and domain experts. We seek competent outcomes, and the team needs to understand various aspects of compliance and data-readiness.
- Budget Requirements often require a significant upfront investment in infrastructure, personnel, and technology, ongoing expenses, and so forth.
- Technology requirements include AI frameworks, data storage, security and scalability
By carefully considering these critical requirements, organizations can set themselves up for success when implementing AI solutions. Having these two aspects in place is likely to guarantee quality of expected outcomes from AI.
Commenting on the event, Karthikeyan remarked, “I am honored to represent Movate and receive the award on behalf of Movate; this award is a testament to our strong posture in cybersecurity and information security. In today’s AI economy, it is crucial to stay ahead of the evolving threat landscape and to continuously educate and awareness our teams and stakeholders about the importance of cybersecurity. This award reinforces our commitment to prioritizing cybersecurity and to being a trusted partner for our clients. As a panelist at the conference, I had the opportunity to share my expertise and insights on the latest happenings in cybersecurity – AI trends and best practices. It was a great experience to hobnob with other industry experts and thought leaders, and to learn from their experiences. This award is not just a recognition of our past achievements, but also a motivation to continue striving for excellence in cybersecurity. We will continue to adapt to the latest technologies, train our teams, and work closely with our partners to ensure the highest levels of cybersecurity.”
Other speakers on the panel shared their views from their industry on multi-compliance necessities, fostering AI literacy, upskilling professionals in the IT sector, attrition levels, implementing new tools, creating awareness, selecting the right compliance partner possessing expertise and knowledge of the business, and benefits of a single unified user interface for managing all certifications.
Additional information
- Video: (634) ControlCase | 14th Annual Global Conference – Dubai | Live Stream – YouTube
- Blog: Unmasking the unknown: Detecting zero-day threats with unsupervised learning – Movate
- Blog: Information security at Movate: Assessments and compliance
- Blog: Movate’s Cybersecurity Solutions for Fortified Protection – Palo Alto
- Article: Navigating (ZTA) zero trust approach: strategies, challenges, and solutions
- Article: ZTA opportunities abound amid tech confusion
- Blog: The AI vs AI scenario: GenAI’s impact on digital defenses and cyber attacks
About the speaker
Karthikeyan C [CISA CISM CRISC CLIP] ,
AVP – Head Information Security (GRC)
At Movate, Karthikeyan is responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. He brings more than 18 years of experience in various facets of information security, risk management, security audits, compliance, tech operations, inside and outside connectivity and more. He is a certified professional holding certifications such as CISA, CISM, CRISC, and CLIP. LinkedIn.
Contact Karthikeyan at karthikeyan.chandrasekaran@movate.com