CISO Trainings , Governance & Risk Management , Training & Security Leadership
Does the CISO Need a Board Seat?
Wipro CISO Sunil Varkey Weighs In on the Evolving Role of the CISOWith increasing digitization in business and heavy dependence on technology, the security leader's contributions have become valuable for any board or senior management. But should the CISO have a seat on the board? Sunil Varkey, CISO at the major Indian IT services company Wipro, says that isn't essential.
See Also: A CISO's Guide to Hiring & Engaging High-Value Security Professionals
"Boards have a completely different scope of operation than just security and therefore, a CISO having a seat at the table might not be something that makes a lot of sense," he says in a video interview with Information Security Media Group. The CISO's advice will help businesses make the right decisions to cover risk, and as long as that happens, the rest doesn't really matter, he says.
Strong support from the management is a must for any information security mandate to be successful, Varkey says. A huge part of this success hinges on the change management aspect, for which, management support is crucial, especially when moving into more advanced activities such as incident response (see: 4 Questions the Board Must Ask Its CISO).
"Incident response is not just an IT activity, it's a business activity - IT is only an enabler. You will be providing adequate information to the business to make informed decisions. There are multiple stakeholders involved and it's going to be a team effort, and management support is of tremendous value," he says.
The information security field could prove very rewarding for young professionals, he adds.
In this video interview Varkey shares insight on:
- The CISO-board dynamic;
- The nuances of managing a global security team; and
- The next generation of security practitioners.
Varkey has more than 22 years of IT and information assurance leadership experience withomg banking, telecom, information technology enterprises and manufacturing businesses in the United States, Middle East and India. He has published and presented various articles related to information assurance domain globally.