Hexaware Technologies has appointed cybersecurity veteran Sunil Varkey as Executive Vice President and Chief Information Security Officer, strengthening its leadership bench at a time when enterprises are increasing focus on cyber resilience, governance and digital risk management.
The appointment was announced in June 2026. In his new role, Varkey will be responsible for strengthening Hexaware’s enterprise cybersecurity strategy, governance and risk management frameworks. He will operate from Chennai under a hybrid model, according to the announcement.
Varkey brings more than three decades of experience in cybersecurity leadership across banking, telecom, IT services, software and manufacturing sectors. His career has covered India, the Middle East and the United States, with roles spanning cyber governance, security architecture, risk and compliance, incident response, DevSecOps, cloud security, privacy management and business continuity planning.
Before joining Hexaware, Varkey worked as a cyber security consultant and advisor at TAHAKOM in Riyadh, Saudi Arabia, between June 2023 and March 2025. In that role, he worked with the organisation’s security leadership to strengthen cyber resilience and improve its security posture.
Prior to that, he served as Vice President and Chief Technology Officer for EMEA and APJ at Forescout Technologies from April 2021 to November 2022. His work there focused on IT and operational technology security strategy, enterprise advisory, product positioning and stakeholder engagement across markets.
Varkey also held the position of Managing Director and Global Head of Cyber Security Assessments and Testing at HSBC in Hyderabad from March 2020 to January 2021. In that role, he led a 300-member team handling penetration testing, threat modelling, vulnerability management and third-party security risk assessments.
His earlier leadership roles include CTO and Security Strategist for the Middle East, Africa and Eastern Europe at Symantec, Global CISO at Wipro, CISO at Idea Cellular, VP of Security Engineering at Barclays, and senior global security positions at GE Capital, Genpact and other multinational organisations.
The appointment comes as cybersecurity has become a board-level priority for technology services firms and their clients. With enterprises accelerating cloud adoption, AI-led automation and digital transformation programmes, security leaders are increasingly expected to manage not only infrastructure protection but also regulatory compliance, data governance, incident readiness and risk visibility across distributed environments.
For Hexaware, which provides IT services and digital transformation solutions across application development, cloud, automation, data analytics and enterprise operations, the CISO role is central to protecting internal systems and supporting client trust. The company works with businesses across multiple sectors, where security expectations have become more stringent due to rising cyberattacks, data privacy requirements and third-party risk exposure.
Varkey’s experience across banking, telecom and technology services is likely to support Hexaware’s security agenda as the company continues to expand its digital services portfolio. His background in assessments, testing, architecture and governance also aligns with the growing demand for proactive cyber risk management, where organisations are moving from reactive controls to continuous monitoring and resilience planning.
The role of the CISO has also evolved from a technical function to a wider business leadership position. Security chiefs are now expected to work closely with boards, legal teams, regulators, delivery units and customer-facing teams to ensure that cybersecurity is embedded into business operations.
Industry observers have noted that cybersecurity appointments are becoming more frequent as companies prepare for risks linked to AI systems, cloud migration, identity attacks, supply chain vulnerabilities and stricter regulatory scrutiny. In this context, Hexaware’s appointment of Varkey signals an emphasis on experienced leadership and structured cyber governance as part of its enterprise technology strategy.
As he takes charge, Varkey is expected to focus on strengthening security resilience, risk oversight and cyber readiness across Hexaware’s operations.