GS Jha is the CIO and CISO at CareDx, leading initiatives that save over $5 million annually, improve compliance, and boost sales by 15%. Committed to innovation teamwork and talent development, GS drives organizational success by leveraging advanced technologies and fostering a collaborative environment. Dedicated to continuous learning, GS is pursuing MS in Cybersecurity from Georgia Tech. He also holds an MBA from Northwestern University and a MS in Computer Science from Wayne State University.

Jha is a collaborative, customer-focused IT leader with a proven record of outstanding performance and employee engagement. He leverages his extensive experience in global IT management, digital transformation, program and vendor management and cyber-security to drive product pipelines, revenue and profitability goals. His strong communication skills and strategic vision enable him to successfully navigate complex business challenges and drive successful outcomes.

Insights about Professional Journey and Current Responsibilities

I've had a diverse career across multiple industries, starting in IT services with a major corporation and a Big Five consulting firm. In the second half of my career, I transitioned to the life sciences industry, beginning with an IT management role at Amgen in California. Since then, I've focused on drug and medical manufacturing, leading large-scale initiatives for CEOs and senior leaders. Over the past decade, I've spearheaded significant cyber-security initiatives, leveraging my experience in managing large global teams and implementing projects worth hundreds of millions of dollars. My educational background, including a bachelor's and master's in computer science, an MBA from Kellogg School of Management and my current pursuit of a master's in cyber-security from Georgia Tech has been instrumental in preparing me for my current role.

Global Trends Shaping the Cyber-Security Landscape

Cyber-security is rapidly becoming a top priority for IT professionals and companies worldwide due to several evolving factors. Traditionally, IT systems were developed with the assumption that users wouldn't exploit security vulnerabilities, leaving gaps that are now being targeted. Many software engineers lack the training to integrate cyber-security by design into their processes, systems, software development cycle and future enhancements. The software and technology providers are only recently catching up with the need to embed robust security measures across platforms, whether cloud-based, SaaS or on-premise to make it more cyber secure. This convergence of issues has led to a surge in cyber-security incidents, making the cyber-security industry grow rapidly, even surpassing the growth of the broader IT industry. Compounding this, nation-states have weaponized cyber tactics, using hackers to attack companies and steal intellectual property, further intensifying the global cyber-security landscape.

Cutting-Edge Cyber-Security Technologies on Our Radar

I've noticed a persistent mindset in many corporations that cyber-security is a problem for ‘someone else’. This denial, especially among some IT professionals leads to a false sense of security—they believe they know how to handle cyber-security but often don't. It's crucial to understand that cyber-security is everyone's responsibility, not just IT or cyber-security teams.

When I join a new company, I emphasize that being cyber-secure begins with each individual. It takes just one person to fall for ransomware and the whole company pays the price. It is vital to create a culture of awareness and responsibility and need to equip employees and contractors with the right tools to prevent mistakes.

We've implemented a range of tools to protect our endpoints, monitor, detect and respond to threats. We safeguard our endpoints, cloud systems and perimeters and work closely with our SaaS providers to ensure they comply with our policies, which we regularly audit. We also use the NIST and ISO 27001 frameworks to standardize cyber-security tools, configurations, training and SOPs across the enterprise.

Successful Project Initiative: Strategies and Key Takeaways

There are numerous tools and technologies at my disposal and my organization has expertise in using them effectively. Despite that, one major challenge we face is the human element—employees falling prey to social engineering. Even after extensive training, 6 percent of our staff still click on phishing emails, often swayed by tactics like receiving a text from a ‘CEO’ with a photo, urging them to act quickly on supposed legal matters. To combat this, we’ve gamified cyber-security and created a competition where employees who spot phishing attempts with 100 percent accuracy throughout the year win $1,000. The competition has fostered a culture of vigilance, with everyone being extra cautious whenever an email labels itself as being from an external source and has significantly reduced phishing incidents.

Cyber-security isn't just an IT responsibility but it’s a collective duty. In a world where one wrong click can jeopardize an entire organization, creating a culture of vigilance and continuous learning is the strongest defense against evolving threats.

For our software developers, we've incentivized secure coding by offering a $2,000 team reward if they incorporate key cyber-security measures in every release. They seek new techniques through YouTube videos and Google searches, creating a healthy competitive environment that has led to impressive outcomes.

Charting the Course for Future Cyber-Security Achievements

As a CIO, I evaluate any role from two key perspectives: the potential to make a strategic impact on the company’s goals and the opportunity to develop future leaders within the organization. If both are present, I consider the role. In my current position, I've restructured the entire IT organization, aligning people, processes and strategies with internal and external stakeholders, as well as the company's goals, CEO and board. I'm committed to hiring individuals with multi-dimensional skills, strong problem-solving abilities, critical thinking and a customer-focused mindset. My passion lies in driving significant strategic change and nurturing future leaders, whether they remain with the company or move on to make similar impacts elsewhere.

Staying Ahead of Global Data Privacy regulations

Data privacy and cyber-security is ever evolving and becoming more complex due to the lack of unified standards. In the U.S., different states have varying data privacy requirements. The European Union, Asia Pacific and other regions also have diverse regulations, creating significant challenges in compliance.

At CareDx, we address this by employing specialized data privacy attorneys who stay updated on global regulations. They simplify these complex requirements into business-friendly terms that allow us to develop a comprehensive, umbrella policy that covers various legal obligations without creating multiple policies for each state or country.

We educate our employees on these policies and integrate them into our systems like ERP and CRM to automate compliance. This approach minimizes the burden on individual employees to understand and comply with regulations. Our regulatory compliance group collaborates closely to stay current with any changes to ensure our policies and systems remain up-to-date.

Advice for Senior Leaders and Upcoming Professionals

The IT and cyber-security fields are rapidly evolving, especially with the advent of AI and generative AI. This makes it crucial to always be open to learning—thinking you know enough will make you obsolete quickly. Also, the rapid advancements in technology will bring many challenges. Don’t view them as burdens; see them as chances to apply and expand your skills. I believe that best learning happens in tough situations, both personally and professionally. I value hiring problem-solvers and critical thinkers with a hunger for learning and a positive mindset who can turn challenges into opportunities. This mindset is a key to cultivating the next generation of leaders.