Cybersecurity demands dynamically resilient leaders like Priyanka Sunder, a multi-award-winning Information security leader recognized as a dynamic expert in Cybersecurity, IT, Information Security Governance, Risk and Compliance, leveraging 2 decades of rich experience in Technology Risk management, IT Audits, Cloud Security, Vendor Governance, Business Continuity Planning, Data Security & Governance and Information Security Project Management.
She drives strategic results and is known to promote operational excellence through her various governance roles at India’s leading bank, telecom firm, NBFC, and APAC’s prominent stock exchange firm. She has earned her pedigree through her 5-year stint in IT advisory roles globally across India, UK & Singapore at Insurance IT services firms top Big 4 and more than a decade of pivotal Information Security positions held at several Fortune 500 Financial Institutes, NBFCs, Home Loans, & Insurance IT services firms having stakeholders across Asia Pacific, United Kingdom, United States of America and Europe.
A Purpose-Driven Start: From Intuition to Vocation
Priyanka embarked on her journey to explore Information Security as her vocation 20 years ago with a passion for simplifying and securing technology, financial services and telecommunications. This intuition became her calling as a student. At the same time, she came across several disturbing impacts of terrorism data breaches, financial frauds, social engineering attempts to compromise personal welfare, digital frauds and online abuse. She advocates violence-free, stress-free, secure and responsible use of digital resources. She envisions this digital era as a big milestone in economic growth, innovation, and financial and societal inclusion.
The Academic Powerhouse Behind the Cyber Guardian
Before Priyanka’s professional journey began, she earned her Bachelor’s in Computer Engineering from the renowned Sardar Patel College of Engineering, Mumbai University, a dual Master’s in Information Management from Syracuse University and a Master’s in Cloud Computing from Simplilearn online. She forged her post-graduation degree in 2005 by completing a Certificate of Advanced Studies in Information Security Management from the School of Information Studies, Syracuse University, USA.
This laid her foundation in a combination of fields like Information Security, Artificial Intelligence, Information Management and Project Management which were her electives. She continues to upskill with relevant professional certifications in the last decade.
She holds more than 30+ professional certifications across disciplines like Certified Information Systems Auditor, ITIL V3 Foundation, Artificial Intelligence, Cloud Security, GenAI, Zero Trust, ISO 27701 Privacy Information System Certificate, ISO 20000 Lead Implementer – IT Service Management, Network security, Vulnerability Assessment, Penetration testing, Mobile Security, Computer Hacking and Forensics. She also holds a Certificate of Professional development in Applied Neurosciences and Brain Health and Certificate in Hatha Yoga amongst other various courses completed for holistic wellness from Art of Living foundation, a non-profit organization.
Shaped by Big 4 Insights, Guided by Strategy
Priyanka’s early exposure to diverse global clients through Big 4 IT Advisory firms gave her an edge in navigating varied risk landscapes. “Conducting IT audits for financial institutions, FMCG giants, and telco firms taught me to tailor security strategies to each organization’s unique environment,” she says. “It also taught me how to present audit gaps in a way that drives executive action.”
Guarding Millions, Guided by Regulatory Mastery
Now, with a role overseeing security of PAN India employees across 1000 branches and millions of customers across India, Priyanka emphasizes data-driven decision-making and operational excellence. Her broad regulatory knowledge—from RBI Cybersecurity and IT regulations to MAS TRM – Technology Risk Management guidelines, NIST CSF 2.0, and ISO standards—enables her to design frameworks that are compliant yet flexible. “Information Security is industry-agnostic,” she asserts. “When integrated with people, process, and tech, it safeguards crown jewels while preventing massive losses.”
Pioneering Cybersecurity Across Global Industries
In her illustrious career, Priyanka has successfully executed cybersecurity transformation initiatives, led high-impact projects, and collaborated with cross-functional teams to foster a culture of enhancing information security resilience across global financial services and telco industries. She is a compelling thought leader known for translating complicated industry risks into actionable plans to drive the alignment of cybersecurity strategy with business goals. She has led large-scale risk assessments while implementing process enhancements & leading high-performing teams.
Her focus is on proactive defence measures & compliance with industry standards, where she effectively communicates complex security concepts to stakeholders in order to prioritize regulatory compliance & optimize technology and information security control implementations across diverse industry landscapes.
She is a respected academician striving to build cyber-resilient communities and mentors aspiring women professionals to address the skill deficit in cybersecurity by volunteering for Diversity, Equity and Inclusion initiatives at several Non-profit organizations and in her current role. She presently works as Vice President of Information Security at Sumitomo Mitsui Financial Group India Credit Company Ltd.
Metrics That Matter: Evaluating Cyber Hygiene
“When assessing the effectiveness of a cybersecurity program,” she explains, “It is important to prioritize key indicators like the number of critical incidents, remediation turnaround times, audit observation closures, patching compliance, access violations, endpoint security trends, and awareness training status. These metrics offer deep insight into an organization’s cyber-hygiene.”
Championing Cloud Security with Vision
Priyanka also champions cloud security. With dual master’s degrees in Information Management and Cloud Computing, she understands the balance between innovation and risk. “Migrating in phases, addressing misconfigurations, and ensuring proper key management are essential to managing cloud security challenges,” she notes.
The Evolution of Information Security: Deep Integration into Business and Technology Operations
In her two decades in this industry as an information security professional and a mentor at non-profits, Priyanka says she has noted the stark change in perception of how this domain is viewed now. Earlier Information Security was an intriguing field more for the military & government initiatives; however; with the advent of Internet 2.0 decades ago and smartphones and Tablet PCs a decade back, this belief has changed. “I have witnessed Information Security grow as a discipline from just safeguarding CIA (Confidentiality, Integrity and Availability) triad to being integrated into business processes and IT-IS operations,” she adds.
It is an integral part of IT-IS operations like
- Transaction processing with maker checker controls,
- Fraud monitoring tools and processes to identify and respond to online frauds,
- Multi-factor user and customer authentication during login,
- Biometric ID authentication for service requests,
- Protecting against privacy violations of customers and users/staff,
- Collaboration across development, security and operations teams through DevSecOps adoption,
- Sustaining business continuity operations through BCP testing along with Disaster Recovery testing, and
- Call tree testing to verify if the end-user can still access and use tools during a disaster to perform his regular tasks and so on.
Cybersecurity: A Multi-Domain Discipline
Erstwhile Information Security has transformed into a comprehensive discipline overarching several domains such as IT Audit, Infosec Compliance, Cybersecurity Defense, IT GRC, IS GRC, Cloud Security, Mobile Security, Cybersecurity Forensics, Product Security, Network Security, DevSecOps, Vulnerability Assessment, Penetration Testing, Identity Management, Data Security and Governance, Data Privacy etc. Priyanka says she is fortunate to have an academic bent and to have channelled her passion in more than one area of this vocation, as she firmly believes more is less in Cybersecurity.
Unique Risk Landscapes in Financial & Telecom Sectors
According to Priyanka, there are significant risks in the financial industry. They would typically be banking service downtimes due to technology glitches, lack of skilled Infosec professionals for technical tasks, lack of cybersecurity awareness amongst employees and customers, inadequate process controls like BCP and DR readiness, user access reviews, privileged access management, insufficient cloud security to name a few, she adds.
Also, significant risks in the telecom industry would essentially be telecom services downtime due to network unavailability, misconfigured network devices and systems, including cloud misconfigurations, lack of network redundancy affecting key devices as they become single points of failure, lack of adequate monitoring of network traffic and system logs, delay in incident management resulting in wide impact of unavailability of telco services and other like.
While some of the risks are common in both industries, such as outsourcing risks, phishing attacks and lack of cybersecurity awareness amongst staff and customers, there are some unique industry-specific risks, such as IoT device security risks, network security risks, data channel security risks that are more critical in the telecom industry.
With over two decades of cybersecurity leadership, Priyanka, Vice President of Information Security, has carved a niche as a powerful force in safeguarding organizations across industries. Her journey, shaped by a strong foundation in IT audits and Big 4 advisory experience, is grounded in meticulous strategy and a human-first approach to risk.
Winning Awards:
Priyanka Sunder won several awards, the most significant of which are:
- Recognition as Top CISOs 2023 – BFSI.
- Recognition as Top 20 Indian Women Influencers in Security in 2020.
She was also recognized as one of the Top Cybersecurity Influencers India 2022 by the Confederation of Indian Industry.
Lifting Others While Climbing
Beyond boardrooms and audits, Priyanka uses her platform to uplift others. Recognized as a Women Tech Global Awards Mentor of the Year runner-up, she actively mentors aspiring professionals. “I struggled early in my career to find the right mentors,” she shares. “Now, I’m ensuring others don’t face that same hurdle. Real-life scenarios, micro-learning content, and personalized guidance are at the core of my mentorship philosophy.”
Advocating for a Safer, Inclusive Digital Future
Furthermore, her volunteer work entails creating information security awareness and cybersecurity resilience amongst young talent, students, women and professionals from other disciplines. She actively contributes to reducing the skill deficit issue observed for over a decade in cybersecurity. She supports gender equity in this field through DEI initiatives at her firm and with non-profits.
The Creative Soul of a Cybersecurity Leader
Apart from being a cybersecurity professional, Priyanka is an avid reader, prolific author, trained classical dancer, artistic painter, music lover, movie buff, amateur photographer and baker who loves travelling and exploring different places, cultures and cuisines globally. While she is a STEM professional, she is a creative and spiritual person at heart who de-stresses by spending quality time with nature, family, and friends and pursuing her hobbies, including yoga and meditation.
Looking ahead, Priyanka’s mission remains clear: “Cybersecurity is not just a function—it’s a culture. It’s everyone’s responsibility. And through awareness, collaboration, and empathy, we can build resilient communities equipped to face the evolving threat landscape.”
