
How Are Project Managers Involved in Cybersecurity Governance, Risk, and Insurance Strategies?

Governance, Risk Management

Besa Muthuri | Senior Portfolio Manager | The Coca-Cola Company, Atlanta, Georgia, United States

As organizations increasingly prioritize cybersecurity, I’m curious to learn how project managers are being engaged in the intersection of project delivery and cybersecurity, particularly around governance, risk management, and insurance.

How involved are project managers in shaping or implementing cybersecurity governance frameworks within your organizations?

What role do you play in identifying and mitigating cyber risks during the project lifecycle?

Have you worked on projects where cyber insurance was a key component of risk mitigation planning?

Are there any tools, frameworks, or best practices you’ve found helpful in aligning PM practices with cybersecurity and GRC standards?

I’m currently building my understanding of GRC functions and how project leaders can proactively contribute to organizational cyber resilience. Would appreciate any examples, insights, or lessons learned.

Thanks in advance!

Kiron Bondale | Retired | Mentor | Retired, Welland, Ontario, Canada
Besa -

So long as you engage control partners who act as gatekeepers for various areas of concern (e.g. legal, cybersecurity, privacy) as committed stakeholders early on and on an ongoing basis, incorporate their requirements into project scope, and ensure they are involved with verification & validation activities, there shouldn't be nasty surprises when project outputs are ready to be transitioned.

The bigger challenge is in getting sufficient commitment of their time to participate as their first priority will usually be the operational safety of the organization.

Kiron
Francisco Herrera
Community Champion
Program Manager, PPM & PMO Specialist | Coppel, Mexico. Culiacán, Sinaloa, Mexico
Besa Kapisha Muthuri I've seen how crucial cybersecurity has become in project delivery. In our organization, we have a dedicated functional area responsible for cybersecurity. They are invited to join the project team or act as stakeholders whenever necessary to ensure compliance.
Regards! Francisco.
What has worked for me is to involve the security team from project initiation.
During requirements gathering and refinement with users, the Risk & Assurance team comes in to assess risks for each process in the workflow.
Once this process is done, the systems architect comes in to look at the system architecture & design and determine the hardware specs required. At this point, the security team, which is part of the Architecture Review Board, looks at the security aspects of the design.
Once approval is obtained, development/coding work starts and progresses to near completion, and the security team comes in to conduct assessments such as penetration tests and VAPT.
Changes made after UAT are implemented, security assessments are done, and the system is deployed.
Even after the new system is in operation, the security team conducts regular assessments.
Pavan Maddi
Community Champion
Buona Vista, Singapore

Great topic, Besa. PMs must work closely with cybersecurity and GRC teams from day one. Our role is to align plans, flag risks early, and ensure secure delivery. Cyber insurance, frameworks like NIST, and regular security reviews have helped us stay ahead in critical projects.
