EY Malaysia partner highlights companies’ need to elevate cybersecurity and risk compliance
Mah said that data protection and customer’s trust is essential for organisations in the digital age.
Vivien Mah is a Partner in the EY Business Consulting practice in Malaysia. She has over 15 years of experience in the fields of Information Technology, Retail and Manufacturing, and Oil and Gas. Her specialities include technology risk advisory, enterprise risk management, governance and compliance, data privacy programmes, and technology audit services.
Mah currently leads risk transformation programmes for governance and compliance initiatives, digital audit, trust by design, and global data privacy agenda including the development of myDigital regulatory and legislative framework for National Digital Economy and Fourth Industrial Revolution Council (NDE4IR), and digitalisation of end-to-end data privacy and legal compliance framework for a Fortune 500 Company.
Prior to joining EY Malaysia in 2011, she was with a Big 4 consulting firm in Singapore and was part of the Asia Third-Party Risk and Compliance team for an international bank where she was focused on governance, compliance and protection controls on digital assets and information.
Mah is selected to be amongst the esteemed judges for this year’s Malaysia Management Excellence Awards. In this interview, she shared how companies can heighten their risk and cybersecurity compliance and protection of data, and provided insights on ensuring equal opportunities in the workplace.
What inspired you to pursue a career in Consulting, and specifically, the digital technology aspect of the practice?
My career in Consulting was accidental and unplanned. I was offered a job as a fresh graduate in EY, without knowing much about technology 15 years ago. The first 5 years of my career were mostly spent on carrying out technology audits, including IT risk assessments and helping clients mitigate technology and system risks.
Buzzwords like big data, cloud computing, blockchain, data mining, chatbots, artificial intelligence started to emerge in the early 2010s and we helped our clients to transform and adapt. The ability of the creators of the technology that we use today to completely change the world in a very short period of time piqued my interest in this space.
I am fascinated by how ordinary things can connect millions of people with just a few button clicks, analyse millions of transactions per second or store 1TB of data in the “cloud.” Having a career in EY Consulting has given me the opportunity to understand, listen, and share some of the experiences that I was so fortunate to gain.
In your 15 years of experience in consulting and digital practice in Malaysia, what were some challenges you encountered as you advanced your career and how did you overcome them?
One of the toughest challenges for me was getting my ideas or suggestions heard. When I worked with a team of young and eager technologists, it took time to gain their trust and get them on board with my ideas. What I have learnt to do over time is to take a step back, listen and observe the dynamics of the team before suggesting changes and bringing solutions to the table.
Build a reputation of being objective and reasonable, and trust will come your way.
As an advocate of diversity and inclusion (D&I) at EY, please give us a glimpse of the programmes you are working on to equalise the treatment of women and men in the workplace.
At EY, we take pride in diversity and inclusiveness (D&I) and believe that an empowered diverse workforce is the foundation for long-term value for clients, people and society. D&I are core to who we are and how we work.
Diversity is about differences. At EY, we think broadly about how we are different, and this includes gender.
Inclusiveness is about leveraging our differences to achieve better business outcomes. It is about creating an environment where all of our people feel and are valued – where they feel they belong and contribute their personal best in every encounter. We are committed to inspiring and advancing gender and social equity, and promoting inclusive growth, to fulfil our purpose of Building a Better Working World.
There are EY Programs related to accelerating gender diversity. “Women. Fast Forward,” is the EY global platform that engages our people, our clients and our communities to advance gender equality. As part of this, we have programmes focused on driving the Women in Tech (WiT) movement in our technology businesses and nurturing leadership teams that reflect the rich diversity in our workforce population. The EY Entrepreneurial Winning Women™ programme supports female entrepreneurs to grow and scale their business across all sectors including technology. EY has also been actively implementing wellbeing programmes to support our people, especially during the unprecedented times of the COVID-19 pandemic.
In your opinion, will this generation live to witness equal opportunity in the workplace? What hurdles do we have to jump over to achieve this?
Equal opportunity enables people to compete on a level playing field and grants equal access to opportunities. It recognises that advantages and barriers exist; and that we all don’t start from the same place. What we can do first is to begin by acknowledging our unequal starting points and make a commitment to correct and address the imbalance.
I believe with commitment, focus and action from all stakeholders, and with strong leadership support, we can ensure impactful change and progress in gender equity in the workplace and society.
If you were to mentor a young woman aspiring to the same career path as yours, what advice would you give her?
Dream big and don’t give up. Believe that your ideas and solutions are as good as anyone else’s. Don’t let anyone talk you out of your dream.
Always keep an open mind and have a “can-do attitude.” When we are sure of the path that we want to take, don’t hesitate and just do it! A mentor once told me that an idea without execution is a mere hallucination. The key to success is execution.
Learn to balance your work and personal life and set priorities early in life. For instance, some may want to focus on gaining knowledge and building a successful career in the first 10 years of their professional life; and then focus on their family and their personal wellbeing for the next 10 years. Everyone has different priorities at different stages of life. Learning how to juggle and setting your priorities early help to ensure success in your personal and working life.
What skills or attributes should upcoming audit professionals gain if they aspire for a leadership position in the sector?
Digital skillsets in data analysis tools and techniques. Often, we hear the phrase, “Data is the new oil.” Data is indeed a critical asset for any organisation. Having the right skill set to interpret data sets will provide insightful trends and new perspectives to things we already know.
Critical thinking and business acumen are types of reasoning that require us to step outside our own judgments and biases, in order to consider all perspectives, question the validity of each, and reach a conclusion. It is important to not only be able to identify what can go wrong but also connect the dots to articulate the true business impact. Great leaders have the ability to look ahead, anticipate and articulate potential pitfalls or challenges before their teams can.
Communication skills – Audit professionals or business consultants are trusted agents, who help organisations prepare for disruptions and mitigate risks. Strong communicators have the ability to inspire confidence and trust, which are key leadership qualities.
New types of cyberthreats are evolving all the time. In your opinion, what steps can companies take to safeguard and elevate their cybersecurity compliance and protection of data?
It is a known fact that protecting data is essential for organisations in this digital era. The EY Global Information Security Survey (GISS) explores the most important cybersecurity issues that organisations face today.
The EY GISS 2021 report, which surveyed over 1,400 cybersecurity leaders from around the world, looked at the major impact that the COVID-19 pandemic has had on the function, and how companies have taken steps to upscale their cybersecurity programme and safeguard their data. This includes aligning the approach with the business and obtaining appropriate cybersecurity programme funding, which can be done by mapping the cyber strategy to the business and IT strategy, establishing a risk profile aligned with business goals and anticipating the needs, as well as applying the appropriate levels of controls to protect the things that matter the most.
It also includes understanding the compliance stakeholder compass to involve and consider cybersecurity early in any new transformation.
- For regulators, prioritise certifications and attestations, along with regulatory mapping.
- For management, set the tone from the top in terms of reporting and accountability.
- For vendors, third parties, and the supply chain ecosystem, focus on due diligence, a compliance checklist, standards and testing throughout the data lifecycle.
- For engineers, product managers and the IT security team, embed the appropriate security controls and privacy by design to protect and safeguard data during the early design stage.
Lastly, it includes reviewing the existing talent pool, resources and training awareness programmes. Safeguarding data in an organisation today expands beyond the pool of IT security specialists, involving everyone. The best approach is to have an integrated awareness programme that incorporates everyone’s role and responsibility to protect and safeguard data in the organisation. It is also important to build a specialist team that balances a combination of broad disciplines, with the understanding that each team member has his or her own strengths and weaknesses. Protecting data is not only the responsibility of the IT security team, it is the collective responsibility of everyone in the organisation.