Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

GRC: CISOs must crawl, walk and run, says MetricStream's Gunjan Sinha

Yogesh Gupta | June 29, 2016
Governance, Risk, and Compliance (GRC) is fast becoming an important part of the security of organizations.

Edited Excerpts:

What are the definite opportunities for MetricStream in India?

From day one, we  are building a strong strategy around India by tapping into the innovation ecosystem in Bangalore. Being a global company with customers worldwide, we have fundamentally done significant innovation in India. That is core and central to our strategy.

We have built major amount of talent expertise and invested in R&D engineering that helped us expand into new areas within MetricStream in Bangalore. For example, we are tapping into the emerging market from India for opportunities across different domains. As I look forward, we have built a team of over 2000 employees in India and our challenge is to continue to be the employee of choice and build deep domain expertise in GRC. 

GRC is a very domain-heavy space. There are best practices in large financial markets, large companies in healthcare and other verticals. We are making sure that our team is not just technically competent but also domain competent. 

Acceptance of solutions in a new domain like GRC takes time. Is that a roadblock in India?

The roadblock is more around us as we are investing to educate talent to help bring people up to speed in GRC. We launched Metricstream University in mid-2014 because it was not easy to find people with GRC expertise, though you will find some talent in accounting firms like E&Y, PwC and Deloitte, to name a few. But after a few years, as GRC becomes more popular among enterprises, we will interact with hundreds and thousands of domain experts.

Metricstream is now the largest university in GRC with curriculum, programs certification and training.  We are working with universities to train and then hire talent. We are also ensuring trained domain experts are available for our partners like Infosys, TCS and Wipro. With large availability of talent pool in GRC, it will be a lot easier for us and also our partner ecosystem to execute projects.

Why is GRC not on every CISOs agenda?

Most CISOs are occupied more around 'block and tackle' solutions, vulnerability assessment and basic fixes to avoid blatant security breaches. The companies up the maturity curve with basics in place are the ones embracing GRC. Companies more advanced in infrastructure are using GRC to get a 360 degree perspective to know emergence of risks and then proactively and prospectively address and fix them.

In more developed economies and developed companies, GRC is now a must-have globally. India is an emerging market as many businesses are still climbing up the maturity curve. And as they are at right stage and correct time to embrace GRC technology, we are making sure to be at the forefront as a technology enabler. The adoption of GRC in India is very encouraging for us.


1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.