Advertisement
Search

V.V. Subba Raju: From Uncertainty to Unbreakable

V.V. Subba Raju in a formal blue suit posing confidently with arms crossed, featured in Business World Eureka.
V.V. Subba Raju - Senior Director, CISO – APAC & India at NTT DATA Business Solutions

When businesses began embracing digital transformation, few anticipated the magnitude of challenges that would come with it, with cyber threats growing smarter, regulations tightening, and the pressure to stay always-on in a hyper-connected world. For many leaders, it became a constant struggle to keep up. But for V.V. Subba Raju, it was a call to lead. 

With over 27 years of experience, Subba Raju’s journey has been defined by his ability to turn complexity into clarity. From the early days of managing IT infrastructure to now spearheading cybersecurity and compliance initiatives across the APAC region, he has consistently led from the front. Today, as Senior Director, CISO – APAC & India at NTT DATA Business Solutions, he orchestrates a delicate balance between innovation, risk, and resilience. 

What sets him apart isn’t just his technical expertise; it’s his ability to align IT with business vision. Whether it’s leading large-scale cloud migrations or implementing frameworks like ISO 27001, GDPR, and TISAX, Subba Raju ensures every decision supports the broader organizational goal. His background in sales enablement, P&L management, and global delivery gives him a unique edge; he speaks the language of both the boardroom and the backend. 

Recognized with industry accolades like Next100 CIO, Super 50 CISO, and CISO Platform 100, his work has made a measurable impact. With certifications like CISM, CISA, CRISC, and ITIL Expert under his belt, he remains committed to building secure, scalable ecosystems where businesses don’t just survive but thrive. 

Leading with Trust: Subba Raju’s Vision for Cybersecurity in APAC

For Subba Raju, a multi-award-winning CISO, the domain of cybersecurity in the APAC & India region is not just evolving; it’s transforming at a pace that demands more than just technical expertise. It calls for a deep understanding of regional dynamics, business alignment, and above all, the ability to lead with trust. As sectors like finance, healthcare, manufacturing, and governance undergo rapid digital transformation, innovation walks hand in hand with rising complexities, and it’s in this space that Raju thrives. 

He sees cybersecurity leadership not as a back-office function but as a strategic pillar of the business. It’s no longer just about safeguarding infrastructure; it’s about shaping boardroom conversations, embedding security into the DNA of an organization, and nurturing a culture where security is not an afterthought but a shared responsibility. In a region as diverse as APAC, where mature markets sit beside emerging ones, this means adapting to local compliance needs like PDPA and DPDPA while staying rooted in global standards such as ISO 27001, TISAX, and GDPR. 

But regulation is just one part of the equation. The real challenge, he believes, lies in the region’s striking contrasts. Each country, India, Malaysia, Indonesia, and Australia, brings its own set of laws, cultures, and expectations. Harmonizing policies across such a mosaic, while maintaining consistency, is both an art and a science. 

Then comes the question of maturity. Unlike Western markets with more consistent readiness, APAC presents a wide spectrum, where some organizations are just beginning their cybersecurity journey. Here, Subba Raju adopts a localized, risk-based approach, meeting each business where it is, without compromising on long-term resilience. 

Equally nuanced is the human factor. In a region marked by cultural richness, driving awareness is not about enforcement; it’s about connection. Through tailored communication, empathy, and continuous engagement, he works to shift mindsets, not just processes. 

And while the digital world grows more connected, so do the threats. Geopolitical tensions, supply chain vulnerabilities, and cross-border data flows are no longer hypothetical risks, they are realities. To navigate this, Raju leans on zero trust architecture, rigorous vendor governance, and real-time monitoring—ensuring that every link in the chain holds strong. 

But perhaps the most human challenge of all is talent. In APAC, where cybersecurity professionals are in high demand, especially beyond the metros, retention becomes critical. Raju doesn’t just build teams; he builds futures. Through mentorship, cross-skilling, and thoughtful succession planning, he creates an environment where people grow, stay, and lead. 

In his eyes, to lead cybersecurity in APAC is to constantly balance the global with the local, the technical with the human, and the urgent with the meaningful. It’s about building systems, yes, but more importantly, building trust. Trust in technology, trust in culture, and trust in leadership that understands not just the risks of today but the possibilities of tomorrow. 

Aligns Operational Efficiency with Information Security

Subba Raju believes that balancing operational efficiency with robust information security in rapidly scaling organizations is both a discipline and a mindset. With over 27 years of experience across IT infrastructure, cloud, and cybersecurity, he views efficiency and security not as opposing forces but as complementary levers when integrated correctly. 

He embeds security controls natively into every stage of IT infrastructure evolution, be it cloud migration, application rollout, or endpoint deployment. During Azure and AWS cloud transformations, he implemented zero trust architecture, secure DevOps (DevSecOps), and cloud-native SIEM tools to ensure agility without compromising governance. 

Rather than treating governance frameworks like ITIL, ISO 27001, and TISAX as overhead, he uses them to streamline processes. Aligning incident management with ISO controls, for instance, led to faster response times while enhancing audit readiness. 

His decision-making is rooted in a risk-based approach that allocates protection based on business impact. This ensures critical assets are secured while operational workflows remain agile and efficient. 

To support scalability, Subba Raju invests in intelligent automation across patch management, log analysis, and user provisioning. Security operations are tightly integrated with NOC and ITSM tools, enabling continuous monitoring and eliminating manual bottlenecks. 

He also fosters a culture of shared accountability, ensuring both IT and business units view security as a joint responsibility. Through awareness programs, executive reporting, and KPIs that reflect uptime and risk posture, he cultivates a security-first mindset without delaying delivery. 

For Subba Raju, the goal is never to choose between excellence and protection, it’s to build systems and teams where both accelerate growth while managing risk. 

Ransomware Threat in 4 Hours Without Data Loss

During his tenure at one of the organizations, Subba Raju encountered a critical security incident, a ransomware threat triggered by a phishing attack targeting a third-party vendor’s credentials. The compromised account attempted to infiltrate company’s internal systems through a weakly secured API channel used for application integration. 

Demonstrating decisive leadership, Subba Raju immediately activated the Incident Response Plan (IRP) aligned with ISO 27001 protocols. He ensured rapid containment by isolating impacted systems, blocking suspicious IPs, and disabling API access across all partner integrations. 

He led a cross-functional war-room involving DevOps, Infrastructure, SOC, Legal, and the affected vendor. Using SIEM and forensic tools, the team quickly traced the threat’s origin and movement. Micro-segmentation, already in place, enabled swift containment, preventing any data exfiltration. He also enforced emergency multi-factor authentication for all third-party accounts. 

Subba Raju kept communication transparent. He delivered real-time updates to the Board and CXOs, documented a detailed Root Cause Analysis (RCA), and completed compliance reporting within the required timeframe, ensuring stakeholder confidence was maintained. 

The incident reinforced several critical lessons: third-party risk remains a major vulnerability; a well-rehearsed incident response prevents panic; and post-incident improvements are essential. Following the event, Subba Raju implemented a Vendor Security Scorecard, expanded Zero Trust practices, and introduced API Gateways with anomaly detection. 

The outcome spoke volumes: the threat was neutralized within four hours, no data was compromised, and operations continued uninterrupted. This incident validated his team’s readiness and strengthened Company’s overall security posture. 

Driving Innovation with Compliance

In his role as Data Protection Officer (DPO) in India, Subba Raju adopts a pragmatic and forward-thinking approach to ensure compliance with regulations like GDPR and local data privacy laws, without compromising on innovation. 

He embeds privacy-by-design principles into every innovation initiative, ensuring that GDPR fundamentals such as data minimization, purpose limitation, and user consent are integrated from the outset. For instance, during the rollout of digital healthcare workflows, he implemented role-based access, data masking, and consent-based data sharing, enabling patient-centric solutions while staying compliant. 

Operating in a region marked by regulatory diversity, he has created a compliance matrix that harmonizes GDPR, India’s DPDPA, and other local laws. This unified framework empowers teams to build once and comply across jurisdictions, reducing redundancies while addressing regional legal nuances. 

Subba Raju views governance as a catalyst, not a constraint. By involving privacy teams early in the innovation lifecycle, he anticipates regulatory challenges and offers compliant architectural alternatives, helping teams move faster with confidence. 

To support scalability, he has driven the automation of critical compliance workflows like DSARs, PIAs, and consent management. These tools reduce manual effort, enhance consistency, and ease audit pressures. 

He also fosters a culture of privacy through regular awareness programs, role-specific playbooks, and operational SOPs that integrate privacy into daily functions, from marketing to DevOps. This approach has enabled the successful launch of several innovative cloud, healthcare, and BPO solutions, achieving zero non-compliances in external audits and earning strong trust from regulators, customers, and partners. 

Fostering a Unified Security Culture Across Geographies 

Subba Raju emphasizes that building and maintaining a strong security culture across diverse teams and geographies goes beyond tools and training, it’s about making security a shared value aligned with business goals and regional nuances. 

He begins by positioning security as a business enabler rather than a blocker. By aligning InfoSec objectives with broader business outcomes, such as customer trust, regulatory compliance, and operational resilience, he ensures that teams across functions understand the purpose behind security initiatives. 

Recognizing the cultural and linguistic diversity of the APAC region, Subba Raju leads the creation of localized, role-specific training modules. These are designed to be relevant to developers, support teams, and leadership alike, often customized in regional languages and contextual examples. 

He actively engages senior leadership and business unit heads through regular briefings on security posture, key risks, and metrics. This involvement turns top-level leaders into advocates of secure practices, ensuring a consistent security culture throughout the organization. 

To sustain engagement, he incorporates gamification through initiatives such as phishing simulation leaderboards, “Secure Team of the Month” recognitions, and scenario-based drills. These programs help transform compliance into an engaging and curiosity-driven effort. 

Security is embedded into daily workflows, from secure code review checklists to Just-in-Time access controls, helping teams develop secure habits without feeling restricted. Additionally, Subba Raju maintains feedback loops via surveys, anonymous reporting, and regional InfoSec champions, allowing for cultural sensitivity and continuous refinement. 

This holistic approach has elevated InfoSec maturity across NTT DATA Business Solutions, reduced preventable incidents, and enabled successful completion of external audits like TISAX and ISO 27001, with high user-level compliance and strong cross-regional engagement. 

Staying Ahead of Cyber Threats with Intelligence-Driven Security 

Subba Raju follows a proactive, intelligence-driven strategy to stay ahead of emerging cyber threats. He integrates real-time threat feeds, adopts Zero Trust Architecture, and embeds DevSecOps practices into all new deployments.  

Emerging technologies like XDR, SOAR, and AI-based threat detection are piloted and modularly integrated into the organization’s security framework to maintain agility without added complexity. Regular VAPT, continuous training, and cross-regional collaboration help build a security-first culture that is both resilient and adaptive to future threats. 

Operationalizing Security in Service Management 

Subba Raju, a seasoned leader in ITIL framework implementation and cybersecurity, treats IT service management (ITSM) as a strategic enabler of robust security practices. His approach reflects a seamless alignment between ITIL best practices and cybersecurity goals. 

He integrates Incident Management with SIEM workflows, ensuring that security incidents are managed with the same rigor as IT issues. Each incident is logged, escalated appropriately, and resolved with detailed root cause analysis. 

Change Management is conducted under strict security oversight. Every change is evaluated for risk, potential impact, and rollback planning, minimizing the risk of vulnerabilities through misconfigurations or unauthorized deployments. 

In Problem Management, recurring issues are cross-mapped with threat intelligence to uncover underlying security risks, transforming operational data into proactive defense strategies. 

Through the Service Catalog, he enforces principles of least privilege and identity management. This ensures secure onboarding, provisioning, and de-provisioning of users, tightly aligned with compliance requirements. 

Finally, Subba Raju embeds cybersecurity KPIs into Continual Service Improvement (CSI) initiatives. Metrics like patch compliance, response times, and audit preparedness are monitored consistently to maintain cyber hygiene. 

By embedding security into ITIL processes, Subba Raju ensures that cybersecurity becomes part of daily operations, systematic, and measurable, and without compromising service delivery speed. 

 

Explore more insightful articles, interviews, industry news, and business magazines on our website. Click here to stay informed and inspired!

Latest Editions

Welcome to Business World Eureka, your premier destination for global business intelligence. We are a leading digital magazine platform, committed to delivering the latest business insights, trends, technologies, news and press releases from across the globe.

Reach out us on

info@businessworldeureka.in

Quick Links

Newsletter

Subscribe to Our Email Newsletter
For Latest Updates!

Follow us

©Copyright at Business World Eureka 2025 | All Rights Reserved