Najma Sultana – Veem

It’s often said an infotech and cybersecurity department needs to be regarded as a business function, and that may hold especially true for digital payments processors.

It’s a message that Najma Sultana brought to Veem in early 2020. The San Francisco- and Ottawa-based firm provides a global payments platform, including option of payments via credit and debit cards, digital wallets, blockchain and the SWIFT identification code used by banks for international transfers. Technology’s the secret sauce, but that includes risks which she and her lean department must anticipate.

Najma Sultana | CIO and Chief Security Officer | Veem

“We are in a highly targeted sector for ransomware,” Sultana tells Toggle in March from her home in Canada’s capital city. “For us to be able to compete, we need to provide assurance to our investors, regulators and employees that we can protect our assets.”

As she progresses into her second year as Veem’s first chief information and chief security officer, Sultana can reflect on progress strengthening the company’s IT and cybersecurity. Only she can’t look back for long because there’s always another project on her agenda.

No room for error

“The defender, and that’s us, needs to be right all the time,” she emphasizes. “The threat actors only need to be right once.”

She’s made it increasingly difficult for the miscreants of malware to make that initial score, Sultana overseeing the three core pillars of defense: the assembly of core security capabilities, the adherence to regulatory compliance and the management of risk.

On her watch, Veem has achieved compliance in the systems and organizational controls known as SOC2Type 2. Given by a certified auditor of the American Institute of Certified Public Accountants, the certification involves an audit of security across an enterprise. Veem partnered with San Franciso-based Very Good Security who ensured the firm is audit-ready and its clientele can be confident that their data is duly safeguarded.

Veem, in partnership with Very Good Security, has also achieved the payment card industry’s acclaimed PCI-DSS L2 attestation—a designation for capably storing, processing and transmitting card data.

“I want our security to be baked in at every level,” she says. “From our product ideation, design, development and DevOps to the end customer journey, it’s at the forefront of every step in our process.”

Compliance dovetails with security as Veem’s business extends into more than 100 countries using around 70 currencies. With compliance and security fortified, Sultana’s department can take a more active role on the business side. Come next year, she expects IT and security operations to be in more of an autopilot mode that should further streamline procedures.

Going ahead of the curve

It’s taken some catching up for Veem to get here, noted Sultana, explaining how advanced cybersecurity seemed an afterthought when she assumed her dual roles in December 2020. Up until then, there was no formal IT and security practice in place.

But the bosses did recognize the need for someone of Sultana’s background and mindset. The India-born woman had succeeded elsewhere during a long career that began with her designing electronic systems in her native land after graduating as an engineer from Pondicherry University.

“In India you had two career choices: medicine or engineering,” she says. “My family wanted me to do medicine, but I was too queasy. Engineering was the pragmatic choice.”

The young Sultana impressed Motorola enough for it to offer her a position in Texas. Some summers later while visiting Canada, Ottawa had special appeal, the scenic city adorned in tulips—a tradition dating back to the Dutch royal family sending 100,000 bulbs here in gratitude for Canadian protection during World War II.

“Ottawa was just so pretty and Canada is so clean and efficient,” she says. “The respect and safety you feel as a woman and person of faith is very reassuring. My first exposure to winter was a shock, but I learned to romanticize the snow.”

Cold comfort

She joined STMicroelectronics in 1999 and rose as a regional manager of engineering infrastructure solutions. After 15 years she worked shorter stints, leading digital transformation and cybersecurity at Public Service Alliance of Canada, Hydro Ottawa and Air Canada.

Life’s also good at home, where her three young children keep active through soccer, badminton, karate, skiing and skating, sometimes with mom in tow.  With Sultana’s IT oversight, procedures have gone smoothly and securely but she knows her staffers—like her—have missed the face-to-face interaction, and recently the company has resumed partial in-person work at the office.

“There’s chemistry and the sense of belonging we all want,” Sultana says. “Sure, we can work remotely, but we’re still human beings.”

And she’s at the pinnacle of her profession, a CIO who’s entrusted with security. Other companies separate the roles, but while Veem is growing, it’s still a relatively modest operation with just over 100 employees. Sultana says she’s comfortable handling both responsibilities and can even make a bigger difference.

“I came from a large organization where I led IT digital transformation and security at the enterprise level and helped them move to their next level of growth,” she says of her two years as a senior director at Air Canada. “I can adapt to an agile organization where I roll up my sleeves. You can’t have an ego in a company this size.”

But you can have something that to her is priceless.

“Here, I have the same objective as the CEO,” Sultana says. “I want to grow the organization and make payments for small and medium businesses as fast, easy and secure as possible, and build trust with all our stakeholders.”

View this feature in the Spring II 2022 Edition here.