top of page

Where Deep Expertise Meets Responsible Leadership

Over 28 years across enterprise technology, I have built practices, led transformations, and governed risk at scale — for organisations ranging from India's largest telecom operators to early-stage ventures. My expertise spans the intersection of AI, governance, compliance, and organisational leadership. I work with boards, CXOs, and founding teams who need rigorous thinking, not just advice.

AI Governance

AI governance is the discipline of deploying artificial intelligence with accountability, transparency, and measurable risk controls — not as an afterthought, but as a design principle. I help organisations build AI governance frameworks aligned to ISO 42001, NIST AI RMF, and emerging Indian regulatory guidance, ensuring that AI adoption creates competitive advantage without creating liability.

Cybersecurity Advisory

From ISO 27001 implementation to JAMA/JAPIA supply chain compliance and board-level cyber risk oversight, I bring hands-on advisory across the full security lifecycle. I help organisations design defensible security architectures, build incident response capabilities, and translate technical risk into language that boards and audit committees can act on.

DPDP Act & GDPR Compliance

India's Digital Personal Data Protection Act 2023, with Rules notified in November 2025, requires organisations to appoint Data Fiduciaries, implement consent mechanisms, and operationalise data principal rights — with meaningful penalties for non-compliance. For organisations with EU exposure, I provide simultaneous GDPR alignment alongside DPDP compliance — ensuring a single integrated data protection framework rather than two parallel workstreams.

Digital Transformation

Digital transformation fails when it is treated as a technology project rather than a business redesign programme. Having led cloud adoption, enterprise digital, and application modernisation programmes at Vodafone India, HCL, and Insight, I bring a delivery-grounded perspective — cutting through vendor noise to build change that sticks, scales, and delivers measurable ROI.

Fractional CXO

Growing organisations rarely need a full-time CXO on day one — they need one when critical decisions are on the table. As a Fractional CXO, I embed with leadership teams to own technology and business strategy, evaluate build-vs-buy decisions, govern vendors, navigate compliance, and translate ambition into executable roadmaps — delivering C-suite leadership without the overhead of a permanent hire.

Board Advisory & Independent Directorship

Boards today face unprecedented complexity — AI risk, data regulation, cybersecurity liability, ESG reporting, and digital strategy — often without technology-literate directors to interrogate management. As an IICA-certified Independent Director (IDDB-DI-202412-067674), I bring technology governance fluency to board deliberations, helping directors ask the right questions and build appropriate oversight structures.

FinOps & Technology Financial Management

Cloud costs left unmanaged compound quickly; software licence sprawl quietly erodes margins. I help technology and finance leaders implement FinOps frameworks and Software Asset Management (SAM) disciplines that bring cloud spend under governance, eliminate redundant licences, and build a repeatable Technology Financial Management practice aligned to business outcomes.

POSH Compliance & Workplace Safety

Prevention of Sexual Harassment compliance is a legal obligation and a culture signal — organisations that treat it as a checkbox exercise pay the price in trust and liability. As a certified POSH trainer (ISTD), I design awareness programmes, support Internal Committee constitution, and conduct policy audits that build genuinely safer workplaces, not just documented ones.

Skill Development & Capacity Building

Through Navasaksham Foundation and CAST India, I design and deliver vocational and professional skill development programmes aligned to PMKVY and national qualification frameworks. I work with corporates, NGOs, and government partners to build sustainable training ecosystems — focusing on outcomes (employment, income, capability) rather than certificate counts.

Technology Due Diligence

Every board appointment, acquisition, PE investment, and GCC expansion involves a critical question that rarely gets a rigorous answer: is the underlying technology sound, and where is the hidden risk? I conduct structured technology due diligence assessments covering architecture integrity, technical debt, security posture, vendor concentration, compliance gaps, and team capability — translating complex technical reality into clear, board-readable findings.

GCC Oversight & Governance

India's Global Capability Centre boom has created a governance gap — parent companies often lack visibility into how their Indian operations make technology, data, and vendor decisions. I advise GCC leadership and their global parent boards on oversight architecture, operational governance frameworks, and the right escalation structures to align local delivery with global risk appetite.

Technology Go-to-Market & Customer Segment Strategy

Building a technology business requires fundamentally different approaches across customer segments — enterprise, public sector, and SMB each demand distinct sales motions, delivery models, compliance postures, and governance structures. Drawing on experience spanning India's largest telecom operator, national government programmes, and MSME advisory across India and global markets, I help technology leaders and founders design go-to-market strategies, segment-specific service offerings, and scalable delivery frameworks that work across the full customer spectrum.

India

"AI without governance is liability, not leverage."

© 2026 Dheeraj Malhotra. All rights reserved.

bottom of page