CISO , Governance

Does the CISO Need a Board Seat?

Wipro CISO Sunil Varkey Weighs In on the Evolving Role of the CISO

With increasing digitization in business and heavy dependence on technology, the security leader's contributions have become valuable for any board or senior management. But should the CISO have a seat on the board? Sunil Varkey, CISO at the major Indian IT services company Wipro, says that isn't essential.

See Also: Balancing Fraud Detection & the Consumer Banking Experience

"Boards have a completely different scope of operation than just security and therefore, a CISO having a seat at the table might not be something that makes a lot of sense," he says in a video interview with Information Security Media Group. The CISO's advice will help businesses make the right decisions to cover risk, and as long as that happens, the rest doesn't really matter, he says.

Strong support from the management is a must for any information security mandate to be successful, Varkey says. A huge part of this success hinges on the change management aspect, for which, management support is crucial, especially when moving into more advanced activities such as incident response (see: 4 Questions the Board Must Ask Its CISO).

"Incident response is not just an IT activity, it's a business activity - IT is only an enabler. You will be providing adequate information to the business to make informed decisions. There are multiple stakeholders involved and it's going to be a team effort, and management support is of tremendous value," he says.

The information security field could prove very rewarding for young professionals, he adds.

In this video interview Varkey shares insight on:

  • The CISO-board dynamic;
  • The nuances of managing a global security team; and
  • The next generation of security practitioners.

Varkey has more than 22 years of IT and information assurance leadership experience withomg banking, telecom, information technology enterprises and manufacturing businesses in the United States, Middle East and India. He has published and presented various articles related to information assurance domain globally.


About the Author

Varun Haran

Varun Haran

Associate Editor, ISMG

Haran has been a technology journalist in the Indian market for over six years, covering the enterprise technology segment and specializing in information security. He has driven multiple industry events such as the India Computer Security Conferences (ICSC) and the first edition of the Ground Zero Summit 2013 during his stint at UBM. Prior to joining ISMG, Haran was first a reporter with TechTarget writing for SearchSecurity and SearchCIO; and later, correspondent with InformationWeek, where he covered enterprise technology-related topics for the CIO and IT practitioner.




Around the Network