Inside the New Era of Digital Trust: An Interview with Sushmita Dey Banik

Sushmita Dey Banik, Sr. Product Owner at Shell on the Future of GRC, Automation and AI Governance

Digital risk and compliance are changing fast, and businesses need clear guidance to keep pace. Sushmita Dey Banik brings over 17 years of experience in GRC, cybersecurity and digital transformation across Shell, KPMG and SmarTek21. She has built trusted platforms, led major programmes and shaped AI-driven governance models used by global enterprises. In this exclusive interaction with StartupTalky, she explains how automation is reshaping GRC, why human judgment still matters, and what organisations must do to stay secure, compliant and future-ready.

StartupTalky: How is automation changing the way GRC is managed today, and which parts still need human judgment?

Sushmita Dey Banik: Automation has shifted GRC from retrospective reporting to an integrated, real-time discipline. In previous transformation work, automated controls reduced delays, removed ambiguity and created a consistent view of compliance activity across teams. This kind of visibility changes the rhythm of governance, because compliance becomes part of day-to-day operations rather than a periodic exercise.

Even so, judgment remains central. Leadership decisions, ethical considerations and regulatory interpretation still need human oversight. Automated risk signals are only meaningful when placed in context. Automation brings speed and accuracy, while people provide direction and accountability. Strong GRC environments rely on both.

Sushmita Dey Banik: The greatest risk is misplaced confidence. When a model’s output is accepted without the same scrutiny applied to traditional controls, exposure increases. AI can streamline governance, but it must be challenged and validated like any other decision-support mechanism.

There is also an ethical dimension. In earlier conversational governance work I delivered, we retained human review points because certain decisions require value-based judgement. Technology can assist, but accountability should remain with people, not algorithms.

StartupTalky: You have delivered major GRC and cybersecurity platforms for global companies. What principles guide you when building systems that need to be reliable, transparent and secure at scale?

Sushmita Dey Banik: A few principles guide my approach.

  • First, systems must be trustworthy by design. Clear data lineage, transparent rules and consistent transformations allow teams to rely on the outputs.
  • Second, solutions must be shaped around real users. Past projects succeeded because they were built with continuous user feedback, which ensured confidence and adoption.
  • Third, integrity has to be safeguarded at every stage. Whether working on cybersecurity processes, supplier assessments or predictive controls, I treat reliability and transparency as foundational elements rather than optional features.

StartupTalky: Cybersecurity threats evolve faster than regulations. How can enterprises keep their security posture strong while still meeting compliance requirements?

Sushmita Dey Banik: Security and compliance work best when treated as aligned objectives. In previous roles, aligning control design with audit and regulatory expectations created stronger protection without compromising compliance.

Continuous monitoring is becoming essential, as it shifts organisations from reactive defence to proactive resilience.

Alignment across leadership functions is equally important. Fragmented governance across security, audit, legal and business units can be more damaging than the evolving threats themselves.

StartupTalky: What technologies or approaches will shape the next phase of digital risk management, especially in predictive compliance?

Sushmita Dey Banik: The next phase will be driven by systems that can observe, interpret and act in real time. Continuous monitoring will become standard practice. Predictive controls will redefine how assurance is understood.

Lightweight, modular compliance tools will also grow in relevance, especially for fast-moving organisations that need agility without weakening governance structures.

Natural interfaces will play a major role as well. When people can report risks conversationally, data becomes richer and insights become more accurate.

StartupTalky: Many businesses still treat GRC as a compliance checklist. From your experience, what shifts are needed to make GRC a more strategic part of the business?

Sushmita Dey Banik: GRC becomes strategic when organisations focus on what their controls reveal about how they operate, not just whether they meet formal requirements.

I have seen leadership engagement shift meaningfully when governance frameworks were tied directly to business objectives. In such cases, risk management becomes an enabler rather than an obligation.

The turning point often comes when GRC is treated as an intelligence layer that strengthens decision-making across the organisation.

StartupTalky: You have worked extensively on AI governance. What practical measures can organisations adopt to ensure their AI systems remain ethical, transparent and compliant?

Sushmita Dey Banik: Governance should begin during design, not after deployment. In earlier product work, ensuring data lineage, transparent model logic and secure handling before launch allowed the system to scale responsibly.

Continuous review is also crucial. Models evolve with data, which means organisations need regular bias checks, risk evaluations and clear governance gates built into daily workflows.

Finally, decisions must remain explainable. Whether the system flags incidents or evaluates third-party risk, users should be able to understand how conclusions were reached. Transparency remains central to trust.

StartupTalky: You mentor talent in the GRC and cybersecurity space. What skills gaps do you see in the current talent pool, and how can the industry encourage more diverse and inclusive leadership?

Sushmita Dey Banik: A key gap is applied judgment. Many professionals know frameworks but find it difficult to translate them into practical decisions. Scenario-based learning and exposure to real cases help bridge that gap.

Another gap relates to emerging expectations around AI governance, where structured guidance is still limited.

For diversity and leadership development, intentional investment is essential. When underrepresented talent receives targeted support and opportunities, it strengthens the entire governance ecosystem. Diversity is not a side effort. It is part of building resilient, future-ready leadership.

