Interview: Caroline Saunders, GBG, Women in Tech Excellence Awards finalist

“Technology never stands still, so we don’t either!”

Caroline Saunders is Governance and Compliance Manager at GBG and a finalist in the Security Professional of the Year category of the Women In Tech Excellence Awards 2024.

Caroline is responsible for maintaining GBG's information security certifications globally, ensuring their renewal and compliance with industry standards. With a background in computer forensics and computer security, Caroline has been an integral part of GBG's Governance, Risk, and Compliance team. She recently completed a master's in cyber security at the University of Northumbria.

Caroline has successfully led significant projects, including the transition to the new ISO 27001:2022 standard and is responsible for writing and maintaining GBG's Infosec policies, ensuring the company remain secure and trusted.

Caroline shared with Computing what this year has brought for her and her organisation and where she thinks the opportunities for 2025 can be found.

Please provide some background on your company for our readers.

GBG is the leading expert in global identity and location. In an increasingly digital world, GBG helps businesses grow by giving them intelligence to make the best decisions about their customers, when it matters most. Every second, our global data, agile technology, and expert teams, power over 20,000 of the world's best-known organisations to reach and trust their customers.

Being secure and trusted is at the heart of everything we do. We skilfully navigate regulation, compliance, and security in today’s digital landscape, ensuring our customers partner us with confidence.

What one company achievement in the last 12 months are you most proud of?

In my role I ensure we have policies and procedures aligned with the latest best practice and security standards and provide our team members with the guidance and requirements they need to succeed.

One company achievement I am most proud of is our successful transition to the new ISO 27001:2022 standard, an international standard for managing information security. This achievement not only demonstrates our commitment to being secure and trusted but also highlights our ability to effectively manage and implement complex projects.

This was a significant project that required a comprehensive understanding of the new requirements and extensive collaboration across various teams within GBG. We completed this transition over a year ahead of schedule, which is a testament to our proactive approach and dedication to maintaining the highest standards of information security.

Why are events like the Women in Tech Excellence Awards important to the IT industry?

The technology industry is a dynamic and exciting field that offers endless opportunities for growth and innovation and needs a continuous input of new skills, backgrounds and experiences. These events not only offer inspiration by showcasing best-in-class examples of women excelling in their fields but shine a light on the broad range of technology fields and specialisms that are out there.

The opportunities for networking and exposure are incredibly important, especially for new to industry or junior team members who are looking to expand their connections.

What have been the biggest challenges of 2024 so far, and how have you overcome them?

One of the biggest challenges of 2024 so far has been managing the transition to new compliance standards for both ISO 27001:2022 and PCI DSS 4.0 within the same year. This required running two significant projects simultaneously, which was demanding. I had to ensure a thorough understanding of the new requirements and effectively communicate these changes to team members across various departments, including technology, product, sales, and the people team.

By prioritising tasks and supporting team members in understanding and implementing the necessary changes, we successfully achieved compliance with both standards, completing the ISO 27001:2022 transition ahead of schedule. Obtaining these external certifications are critical as it allows us to independently monitor our compliance and demonstrate GBG’s commitment to the latest security requirements.

What do you see as the main opportunities for the IT industry in the coming year? How do you plan to capitalise on those opportunities?

I don’t think many readers will be surprised by my answer – AI!

AI presents a huge potential for innovation, but it’s crucial to approach it with the same rigorous standards and methodologies we apply to other technologies to ensure it remains secure and compliant. At GBG, we are focusing on harnessing AI in a way that enhances our capabilities while maintaining our commitment to security and trust.

AI is nothing new at GBG but by fostering a culture of curiosity, continuous learning and innovation within our global team, we are always finding new ways to leverage innovative technology to streamline and improve processes. Technology never stands still, so we don’t either! Personally, I am involved in consulting on AI policies and ensuring that our information security policies support these new technologies, which is crucial for maintaining our standards of security and trust.