Voices of Change 13: Santosh Kamane, Cybersecurity Guru

Bloggers Alliance
4 min read · Nov 22, 2024

Santosh Kamane is a Cybersecurity and Data Privacy Leader, CISO Coach, PECB Certified ISO 42001 Trainer and Advisor, and Virtual CISO.

Our team spoke to her recently on corporate governance and independent directorship. Here are the excerpts from the interview:

1) How can independent directors improve corporate governance practices in India?

Santosh Kamane: Independent directors play a critical role in improving corporate governance in India by ensuring transparency, accountability, and strategic oversight. Their unbiased perspective allows companies to align operations with regulatory requirements, ethical practices, and also build ethical business practices.

One essential contribution of independent directors is strengthening risk management frameworks within these organizations.

If you recall, after the IL&FS crisis, independent directors were instrumental in demanding better financial disclosures and robust risk frameworks to prevent similar incidents.

By questioning management decisions and seeking detailed assessments, IDs today are making sure that governance practices go beyond checklists and protect stakeholder interests effectively.

Independent directors also contribute by enhancing boardroom diversity, which enables well-rounded decision-making. For example, during an engagement with a fintech company, an independent director emphasized inclusive hiring policies. This directly improved the company’s ESG (Environmental, Social, and Governance) ratings, making them more attractive to global investors.

Another way independent directors elevate governance is by focusing on sustainability and long-term value creation. For instance, in a manufacturing company, it was recommended to integrate energy-efficient practices into daily operations. This not only cut costs but also positioned the company as environmentally responsible, enhancing its reputation.

From a cybersecurity perspective, I recall an instance where an independent director raised concerns about inadequate security measures considering evolving data protection laws. Their intervention prompted the company to revisit its IT governance policies and implement robust data protection solutions, avoiding potential regulatory fines.

In India’s corporate world, where ethical lapses can damage investor confidence, independent directors are vital in ensuring companies operate responsibly and with integrity. Their ability to challenge the status quo, advocate for compliance, and prioritize stakeholder interests creates a foundation for sustainable and effective governance.

2) You are a respected figure in cybersecurity & data security-privacy. Please share your contributions as a senior leader in your domain.

Santosh Kamane: As a senior leader in cybersecurity and data privacy, my work has centered on developing impactful strategies, guiding organizations globally, and implementing frameworks that integrate security with business objectives.

Over the years, I have led initiatives across industries like fintech, banking, and technology, ensuring these organizations are protected against evolving threats.

One of my key contributions has been designing and implementing resilient cybersecurity ecosystems. For example, during my tenure as a CISO at a fintech company, I established an end-to-end cyber resiliency program. This not only ensured regulatory compliance but also secured sensitive customer data against threats.

Another significant achievement has been in mentoring cybersecurity professionals. At Rivedix, I have guided mid-level leaders to adopt advanced techniques in threat modeling, secure SDLC, and crisis response. In one instance, during a ransomware attack, my incident response strategy helped minimize downtime and data loss, ensuring the business’s continuity and credibility.

In data privacy, I have played a pivotal role in helping organizations achieve GDPR and data protection compliance. For instance, I worked with an AI-driven healthcare company to assess privacy risks associated with patient data, implement effective safeguards, and ensure compliance with ISO 42001 standards for AI governance.

As a leader, my work consistently aims to balance innovation and protection, enabling businesses to thrive securely.

3) How can overall board governance and board leadership be enhanced in the Indian corporate world?

Santosh Kamane: First, increasing board diversity is essential. A diverse board contributes varied expertise, leading to well-rounded and informed decisions. While gender diversity has gained focus, boards also need experts in technology, cybersecurity, and ESG (Environmental, Social, and Governance). For example, adding a cybersecurity expert to the board of a technology company I advised significantly improved their ability to oversee cyber risk and resilience.

Second, accountability and transparency must be strengthened. Boards should implement independent oversight mechanisms for critical areas such as financial practices, related-party transactions, and whistleblower processes. For instance, mandating quarterly risk assessments by independent audit committees can proactively address governance issues, reducing exposure to financial or reputational risks.

Third, regular education for board members is vital. As regulations evolve, boards need to stay updated on compliance requirements and emerging risks. For instance, workshops on topics like data privacy regulations or AI governance can help board members make informed strategic decisions. In one engagement, such workshops enabled a manufacturing board to seamlessly adopt and implement global compliance standards.

Fourth, adopting technology-driven governance tools can enhance decision-making. Tools such as secure communication platforms, compliance dashboards, and risk analytics systems enable real-time insights and informed decisions. At a company I consulted, implementing these tools allowed the board to track compliance metrics effectively, streamlining governance.

— — — — — — -

Brief Profile

Santosh is a seasoned cybersecurity leader, strategist, CISO, and entrepreneur with over 20 years of progressive experience in building robust information security and risk management programs. With 12+ years of experience in CISO and leadership roles, Santosh has driven enterprise initiatives on information security, risk management, data privacy, and business continuity.

Written by Bloggers Alliance

National Association of Digital Creators, N Delhi, India (Bloggers Alliance Education Society, a registered non-profit launched in April 2019)
