Improving Governance in DubaiSmartworld's Baig on Drafting an Effective Risk Framework
The government of Dubai has been encouraging citizen-friendly policies and governance best practices. In alignment, global institutions have been taking up large projects across domains, which has indirectly given rise to the need for improved governance and risk management frameworks.
"Owing to the demand, CISOs have the task of initiating a good governance structure within their organization and understanding the nuances of evolving an effective risk management framework to enable businesses identify risks," says Ahmad Qurram Baig, senior director-corporate strategy, risk & excellence at Smartworld, a Dubai government entity.
"However, it's not been easy for CISOs to formulate an IT risk management framework, as there's a challenge in understanding GRC from a business or board perspective," argues Baig.
The best way forward, Baig says, is to take a holistic approach and have dialogues with key stakeholders such as CEOs and CFOs to help them spot the risks and then plan backwards, putting risk controls in place.
In this interview with Information Security Media Group at the GISEC event in Dubai, Baig shares his experiences on drafting an effective risk management framework and also the best practices to buy in the board room on GRC strategy. He also gives insights on:
- Skill sets required to evolve a GRC module;
- Opportunities of growth for GRC;
- Helping stakeholders identify risks.
Baig is a prominent speaker and cybersecurity expert in the MENA region, previously Head of information security and compliance at a Dubai government entity, CISO at an Abu Dhabi government entity and Head - Business Management and Advisory Services at TECOM (A Member of Dubai Holding). He has more than 16 years of experience in strategy, risk management & compliance, and information security advisory services. He's previously worked on projects for major airlines, banks, defense and federal agencies across the Middle East.
Varun Haran contributed to this report.