Interview with Nemanja Miljkovic, CIO at HORISEN
“True compliance goes beyond regulations – it’s the foundation of trust in IT and data security.”
This is how we open our conversation with Nemanja Miljkovic, CIO of HORISEN.
The occasion for this interview is Nemanja’s recent acquisition of certifications as a DORA Internal Auditor and NIS2 Internal Auditor, further strengthening HORISEN’s position in navigating the latest security and regulatory frameworks.
Hence, it’s the perfect time to reflect on another essential truth: compliance is inseparable from long-term investment in people. At HORISEN, it is not just policies and protocols that keep us aligned with global standards – it is the continuous education and empowerment of our teams.
In this interview, Nemanja shares how HORISEN ensures its platforms and processes remain secure, future-ready, and fully aligned with the world’s most demanding regulations – and why building a strong internal knowledge culture is key to it all.

Let’s start with the big picture. How important is cybersecurity in your line of work at HORISEN?
Nemanja: Cybersecurity is absolutely foundational. For a company like HORISEN, which provides both software and cloud services to some of the world’s biggest messaging players, the importance of security cannot be overstated. One overlooked vulnerability or weakness can compromise everything you have built over the years. That is why we are constantly revising governance, working on improvements, assessing risks and applying new measures.
Nowadays, it is essential to have awareness about the need for constant improvement, and every applied measure should be considered as one more piece in the puzzle of our cybersecurity GRC (Governance, Risk and Compliance) program. Some examples of recently applied technical measures are 2FA with TOTP, continuous container scanning in our CI/CD pipelines, and comprehensive monitoring across networks, systems, software, and databases. But security does not stop at tools, IT and technical measures. It is an ongoing effort that involves people, processes, and technology.
And how does compliance fit into that equation?
Nemanja: Compliance with standards and regulations in the area of information security and privacy gives us a systematic approach towards industry best practices, which helps us on our mission to effectively protect our business from various existing threats. On the other hand, compliance is no longer optional – it is the baseline for doing business. Especially when you are working with large corporations or regulated sectors, you need to prove you are aligned with major standards, frameworks and laws like ISO 27001, ISO 22301, GDPR or PCI-DSS and the newer regulations like NIS2 and DORA.
It is not a matter of “if” we align with these standards, but “how” and “when.” Clients will not even start a conversation if a company is not compliant – that is how much the market has shifted. Standards like NIS2 and DORA place clear responsibility on vendors to meet stringent security requirements, so it is not just about financial, critical and core institutions. Consequently, even though we are not considered a critical infrastructure provider ourselves, we serve companies that are, and that puts us in scope.
HORISEN has been actively investing in compliance for years. How have you approached that internally?
Nemanja: We have taken a proactive approach from the beginning. Over the years, as HORISEN’s DPO and CIO, I went through personal training and certifications as implementer and as internal and external auditor for ISO 27001, GDPR, ISO 22301, NIS2, and DORA.
Next in the plan is external auditor certification for the recently released ISO 42001, which focuses on AI management systems – specifically, how AI is used, regulated, and governed within the company. But we did not stop at individual certifications. We have built a cross-functional compliance team that includes people from legal, finance, information security, and other key departments.
The goal of this team is to help with the establishment and maintenance of general regulatory compliance, including but not limited to the already mentioned standards, regulations, and frameworks. We have already been ISO 27001 certified and GDPR compliant for years, but now is the time to move forward and go beyond already established programs.
You mentioned employee education as a major part of your compliance strategy. Can you tell us more about that?
Nemanja: Absolutely. At HORISEN, we believe that compliance starts with people. Over the years, we have built a secure and stable environment not just through policies and technology, but by continuously investing in our employees’ professional growth. Employees complete training and certifications, and then they transfer that knowledge internally – it is a cascading model. We also run awareness campaigns and internal workshops to keep everyone informed and up to date. It is not about one department handling compliance – it is a company-wide mindset.
Given the widespread shortage of trained professionals in areas like cybersecurity and GRC, our best strategy is to ensure that our own team is continuously learning, while actively sharing and distributing information, knowledge, and experience throughout the company.
With so many evolving standards, how do you stay ahead?
Nemanja: We monitor changes continuously and improve our systems regularly. That is essential to staying aligned with current and future standards. Compared to NIS, NIS2 has significantly expanded its scope, not only covering critical infrastructure like government institutions, telecom operators and the energy sector, but also placing obligations on other sectors and their vendors and suppliers.
DORA placed specific requirements for resiliency in the financial sector, but also defined supply chain management obligations that must be followed. While HORISEN itself is not classified as a critical supplier, many of our clients are – and that places us under indirect but essential scrutiny.
Because of this, we already operate at a high level of compliance that meets the expectations set for vendors serving critical sectors. In essence, we align ourselves with the same standards our clients are subject to – because that is what they require, and it is what the market demands.
Take the European telecom market as an example – one of our clients operates under extremely strict telecommunications laws, which mandate rigorous technical and organisational security measures. These requirements extend beyond the telecom operator itself and apply directly to their vendors, including us. Thanks to our alignment with frameworks like NIS2 and other global standards, we are already well-positioned to meet – and exceed – such country-specific compliance demands.
Looking ahead, what do you see as HORISEN’s biggest challenge and opportunity in this space?
Nemanja: The expectations in our industry are rising fast. Regulators in the EU and the U.S. are continuously updating their frameworks, especially around AI and data privacy. Soon, any company that processes personal data or serves large clients will have no choice – they will either be compliant or be left behind. Our biggest opportunity is to lead in this space.
We want to stay in the first league, and that means standing out not only for our products, but for how secure and compliant our operations are. The more measures we implement now, the stronger our market position becomes.
Final thoughts – what’s the one thing you would emphasise to others thinking about compliance and security?
Nemanja: Never treat compliance as a checkbox. Treat it as a culture. You can have the best tools in the world, but without appropriate leadership, GRC program and trained, aware people, it does not mean much. Compliance gives us trust, credibility, and competitive strength. But it is people who make it possible.
HORISEN’s approach to compliance, information security, and privacy proves that being proactive, not reactive, is the only way forward. With continuous investment in both regulatory alignment and internal education, the company is not only meeting today’s challenges – it is preparing for tomorrow’s.
“Compliance earns trust – but it’s the knowledge and growth of our teams that make it sustainable and scalable.” – Nemanja Miljkovic
Contact our security experts to learn more about HORISEN’s compliant messaging technology.
