With deep experience in the world’s strictest financial regulations (APRA/MAS), I bring a level of rigor to NESA and TDRA compliance that ensures you are audit-ready, 24/7. No scrambling, just continuous assurance.
Compliance is Not a Season; It’s a Standard
In my 17+ years of leading Cybersecurity GRC across the globe—from the high-pressure financial hubs of Singapore and Australia to the visionary landscape of the UAE—I have learned one definitive truth: Audit readiness cannot be a fire drill. If your organization “scrambles” when the National Electronic Security Authority (NESA) or TDRA calls, it means your security posture is built on sand. My approach is different. Having navigated the uncompromising frameworks of APRA (Australia) and MAS (Singapore), I don’t view compliance as a “tick-box” exercise to satisfy a regulator. I view it as the operational baseline for organizational survival.
Rigor: The Difference Between Passing and Prevailing
When I talk about rigor, I’m referring to the meticulous alignment of technical controls with business objectives. In my past roles at global giants like Citi, State Street, and ANZ, there was no room for “approximate” security.
I bring that same institutional discipline to the UAE’s Information Assurance (IA) standards. Whether it’s implementing the NESA IAS or aligning with the Dubai Cyber Security Strategy, my focus is on continuous assurance. This means building a framework where safety and security are baked into the DNA of the organization, ensuring that you aren’t just “compliant” today, but resilient tomorrow.
Unwavering Integrity as Your Greatest Asset
Integrity is the cornerstone of effective GRC. To achieve the best results for an organization, a leader must be willing to speak the truth about risk—even when it’s uncomfortable.
My commitment to unwavering integrity means:
- No cutting corners: We don’t mask gaps; we bridge them.
- Strategic Transparency: Providing Boards and CxOs with a clear, honest picture of their risk landscape so they can make informed, safe decisions.
- Ethics-First Security: Especially as we move into the era of AI Governance (ISO 42001), ensuring that our security measures protect not just data, but the trust of our stakeholders.
Focus on Results: Safety and Security as Tenets
At the end of the day, an audit is a pulse check on your health. My mission is to ensure that your “pulse” is strong. By prioritizing safety and security as key tenets, we protect the organization’s reputation, its financial assets, and its future.
The UAE is racing toward a digital-first future under Vision 2031. To participate in that future, your compliance framework must be as ambitious as your business goals.
Don’t just aim to pass the audit. Aim to set the standard.
Pooja Shimpi is a Cybersecurity GRC & AI Governance Advisor with over 17 years of experience helping organizations navigate complex regulatory landscapes with rigor and integrity.
