Intelligent CIO Middle East Issue 117 | Page 36

FEATURE: CIO PRIORITIES

Industry Leaders Are Already Making the Shift

Some of the region’ s most respected institutions are already moving in this direction. KPMG Lower Gulf, for instance, launched a dedicated‘ risk hub in the UAE in late 2024. Designed around a modern governance, risk and compliance( GRC) model, this hub demonstrates how ROCs can serve as proactive centres for risk intelligence, rather than reactive reporting lines.

Do we mitigate, accept, or transfer this risk? Crucially, it ensures that answers to these questions are not siloed within IT but collaborated on across business functions – with compliance leaders, CFOs and boards alike.

The ROC is a convergence point. It brings together cyber-risk, operational risk, regulatory risk and even reputational risk into one actionable framework. And to do this effectively, it must be grounded in data. This is where many organisations begin to feel the strain. SOCs can generate immense volumes of data, far more than most teams can contextualise. A 2021 estimate suggested the average global enterprise uses upwards of 70 security tools, each generating its own telemetry. CISOs may find themselves in the

It is not hard to see why this model is gaining traction. As businesses grow more complex, their‘ risk surface’ inevitably increases. Without a strategic function dedicated to monitoring and managing this surface, organisations are essentially flying blind. And in a region as dynamic as the Middle East, that’ s simply no longer tenable.

Laying the Groundwork for a ROC Today

Approaches to the construction of a ROC are still in their infancy, but if each company assesses its own realities against its goals and empowers the right teams to take action, progress could be rapid. Collaboration between CISOs, CFOs and compliance officers will be of particular importance, as will partnerships with peers and vendors.

36 INTELLIGENTCIO MIDDLE EAST www www.. intelligentcio. com. com