DarkReading

Dr Priyanka Sunder On Risk, Resilience & Women In Cyber


In a domain still striving for gender parity, Dr. Priyanka Sunder (PD) stands as a compelling example of what two decades of purpose-driven leadership looks like. A multi-award-winning cybersecurity strategist, she has built her career at the intersection of governance, risk, and compliance — navigating Big 4 advisory boardrooms, global regulatory frameworks, and complex digital transformations across nine countries.

As Co-founder of CHRIO SecureMojo and a National Cyber Security Scholar, Dr. Sunder brings rare depth to conversations around GRC, cloud security, and enterprise resilience. Her recognitions — including Cybersecurity Leader of the Year 2025, Top CISO 2023 (BFSI), and Global 200 Women Power Leader — reflect not just technical expertise, but a leadership philosophy rooted in empathy, continuous learning, and servant leadership.

On the occasion of International Women’s Day, we sat down with Dr. Sunder to talk about how cybersecurity governance has evolved, what it takes to build a real security culture inside organizations, and what she would tell women who are just starting out in this field.

Read full interview below:

Dr Priyanka Sunder (PD) Interview on Cybersecurity, GRC & Leadership

TCE: On the occasion of International Women’s Day, how do you see the role of women evolving in cybersecurity leadership and governance?

Dr. Priyanka Sunder (PD): Women bring unique perspectives that enrich strategy and problem-solving — empathy, patience, determination, and attention to detail are not just soft skills but critical enablers of effective cybersecurity. These qualities help uncover root causes, ensure logical closures of risk remediations, and strengthen decision-making.

By turning challenges into opportunities and stepping beyond comfort zones, we build cross-functional skills, foster a One Team culture, and position cybersecurity as a true business enabler. Women leaders excel at servant and situational leadership, building the trust and collaboration that unite teams around common organizational goals — inspiring the next generation to see cybersecurity not just as a career, but as a calling.


TCE: How have you seen GRC evolve in helping organizations manage today’s complex threat landscape?

Dr. Priyanka Sunder (PD): When I started as an Information Security Analyst 20 years ago, organizations treated compliance as a “check in the box” exercise. It took over a decade for the shift toward recognizing that cyber hygiene is a fundamental pillar of enterprise resilience.

Today, companies understand that compliance is not a one-time effort — it’s a moving target. The question is no longer “have you been compromised?” but “how prepared are we, and how fast can we recover?” GRC now plays a critical role through periodic maturity assessments, Information Security scorecards, integrated business continuity testing, and third-party risk management. A strong cybersecurity training and awareness framework — which can reduce 90% of risks from human error — is equally central to that mission.

TCE: How can organizations align multiple compliance frameworks like NIST, ISO 27001, RBI, MAS TRM, and GDPR without impacting operational agility?

Dr. Priyanka Sunder (PD): Throughout my career, I’ve emphasized secure code development, secure configurations, and hardening baselines as foundational drivers for safely adopting emerging technologies like AI, OT, and cloud. These form the pillars of Security by Design — driving operational excellence while keeping Information Security agile and enabling collective transformation.

TCE: What are the most critical controls organizations should prioritize when securing cloud environments?

Dr. Priyanka Sunder (PD): In the shared responsibility model, organizations must prioritize mitigating vendor dependency, ensuring data localization for jurisdictional compliance, maintaining robust backup strategies, preventing security misconfigurations across containers and storage, and implementing strong key management practices.

A phased migration approach, combined with proactively addressing these challenges, helps organizations strengthen cloud security while ensuring smoother transitions.

TCE: What practical strategies can organizations adopt to build a stronger security culture?

Dr. Priyanka Sunder (PD): Strong leadership commitment is the foundation. When management consistently models secure behaviour — using multi-factor authentication, reporting suspicious activity — it signals that cybersecurity is a shared responsibility, not just an IT function.

Training must be continuous, engaging, and role-tailored: bite-sized learning, phishing simulations, secure coding workshops, and fraud prevention sessions help employees internalize security practically. Appointing “security champions” within departments fosters collective influence, and employees should feel safe reporting mistakes without fear of blame. Together, leadership buy-in, engaging training, and employee empowerment transform staff into the organization’s strongest line of defence.


TCE: What are the most common risk management gaps you observe across enterprises today?

Dr. Priyanka Sunder (PD): Drawing from five years in Big 4 IT Advisory and over a decade in financial services, the most critical gaps I’ve observed are: absence of robust GRC solutions for effective risk and compliance management, lack of integrated patch management for real-time visibility and timely remediation, and inadequate cybersecurity awareness among employees, vendors, and customers. Other recurring gaps include weak change management, cloud security, access controls, and endpoint security.

TCE: How can cybersecurity leaders better communicate risk posture and investment priorities to executive stakeholders?

Dr. Priyanka Sunder (PD): Business leaders understand numbers and focus on the big picture, so it’s imperative to speak their language. Present risk mitigations, GRC benefits, and cybersecurity impacts — financial losses, reputational damage, customer attrition, service disruptions — in quantifiable terms.

Quantitative risk assessment models and GRC solutions can articulate the financial impact of control gaps, measurable ROIs, and periodic KRIs and KPIs, giving senior management clear assurance of cybersecurity’s true value and supporting informed decision-making.

TCE: What advice would you give aspiring women professionals building careers in GRC and cybersecurity?

Dr. Priyanka Sunder (PD): Turning challenges into opportunities has been a defining theme for me — overcoming bias in the early years, managing burnout during peak career phases, and achieving breakthroughs in recent years. These experiences reinforced my belief that growth can be both intrinsic and extrinsic, lateral and linear. Stepping outside comfort zones fosters cross-functional skill development and cultivates a strong One Team culture. Continuous learning has been central to my own journey, and I encourage women professionals to leverage that same mindset to build resilient, long-term careers in cybersecurity.


