Kotak Mahindra Bank

Head-IT Governance-SUPPORT SERVICES-CTO Head

Kotak Mahindra Bank  •  Mumbai, IN (Onsite)  •  2 hours ago

Job Description

Head of IT Governance, Risk & Compliance (GRC)

Location: Mumbai, India

Reporting To: CTO

The Head of IT GRC will lead the enterprise-wide governance, risk, and compliance agenda for IT across Kotak Bank. This role is responsible for establishing a robust governance framework, ensuring strict regulatory adherence, and driving a risk-aware culture aligned with business strategy. As a key member of senior leadership, the incumbent will act as a trusted advisor to the Board and Executive Committees, ensuring IT risks are effectively managed, regulatory expectations are proactively addressed, and governance practices are best-in-class.


Key Responsibilities

1. Enterprise GRC Leadership & Governance

  • Define and own the enterprise-wide IT GRC strategy, framework, and operating model aligned with RBI, SEBI, and global regulatory standards.
  • Provide leadership oversight for all IT policies, governance frameworks, standards, and SOPs across the organization.
  • Chair or contribute to Board-level governance forums, Risk Committees, and IT Steering Committees.
  • Ensure strong alignment between IT governance practices and corporate governance principles.

2. Policy Strategy, Design & Oversight

  • Drive formulation, approval, and periodic review of enterprise-wide IT and GRC policies.
  • Ensure policies reflect evolving regulatory expectations, emerging risks, and global best practices.
  • Establish robust policy lifecycle management, version control, and audit readiness mechanisms.
  • Provide authoritative interpretation of regulatory guidelines for executive decision-making.

3. Enterprise Risk & Regulatory Compliance Leadership

  • Own the IT risk management framework, ensuring integration with enterprise risk and ICAAP frameworks.
  • Act as the primary interface for regulators (RBI, SEBI, etc.) on IT governance, cybersecurity, and compliance matters.
  • Anticipate regulatory changes and emerging risks, guiding proactive mitigation strategies.
  • Ensure consistent adherence to Basel III principles, IT risk frameworks, and regulatory mandates.

4. Process Excellence, Transformation & Digitization

  • Drive enterprise-wide standardization and optimization of governance and compliance processes across businesses and subsidiaries.
  • Lead digitization and automation initiatives for policy management, compliance tracking, and risk reporting.
  • Enhance operational efficiency by simplifying governance workflows and eliminating redundancies.

5. Strategic Advisory & Stakeholder Management

  • Serve as a strategic advisor to the Board, CEO, CIO, CRO, and senior leadership on IT risk, governance, and compliance matters.
  • Build strong partnerships across Risk, Compliance, Legal, Audit, Technology, and Business units.
  • Influence and drive organization-wide adoption of governance frameworks and risk culture.
  • Represent the Bank in regulatory discussions, industry forums, and external audits.

6. Monitoring, Reporting & Assurance

  • Establish enterprise dashboards, KRIs/KPIs, and MIS frameworks to track IT governance effectiveness.
  • Provide periodic insights and reports to Board Committees and senior management.
  • Ensure timely escalation of critical risks and compliance gaps.
  • Drive continuous improvement based on audit findings, regulatory inspections, and industry benchmarks.

7. Team Leadership & Capability Building

  • Build, lead, and mentor a high-performing IT GRC function across multiple domains.
  • Develop leadership pipeline and specialized capabilities within GRC, risk analytics, and compliance.
  • Foster a culture of accountability, integrity, and continuous learning.

Qualifications & Experience

  • Postgraduate / MBA / CA / CS / LLB or equivalent professional qualification.
  • 22–30 years of experience in Governance, Risk & Compliance, IT Risk, or Risk Consulting, with deep exposure to Banking / Financial Services.
  • Proven leadership experience in driving enterprise-scale governance and compliance programs.
  • Strong expertise in RBI regulations, Basel III, ICAAP, IT Risk Management, and enterprise governance frameworks.
  • Prior experience in senior leadership roles managing large GRC or risk functions is essential.

Skills & Competencies

  • Strong strategic orientation with the ability to align regulatory requirements with business goals.
  • Executive-level communication and influencing skills, including Board interaction.
  • Deep expertise in policy formulation, regulatory interpretation, and risk governance.
  • Strong leadership and stakeholder management across complex organizational structures.
  • High analytical capability to identify systemic risks, control gaps, and process inefficiencies.
  • Familiarity with advanced GRC platforms, risk analytics, and regulatory intelligence tools.

Key Performance Indicators (KPIs)

  • Effectiveness and maturity of enterprise IT GRC framework.
  • Reduction in regulatory observations, audit findings, and compliance breaches.
  • Timeliness and quality of policy lifecycle management.
  • Strength of risk culture and governance adoption across business units.
  • Quality of Board-level reporting and strategic insights on IT risk.
  • Successful regulatory inspections and supervisory reviews.

About Kotak Mahindra Bank

About Kotak Mahindra Group:

Established in 1985, the Kotak Mahindra Group is one of India’s leading financial services conglomerates. In February 2003, Kotak Mahindra Finance Ltd. (KMFL), the Group’s flagship company, received a banking license from the Reserve Bank of India (RBI). With this, KMFL became the first non-banking finance company in India to become a bank – Kotak Mahindra Bank Limited.

The consolidated balance sheet of Kotak Mahindra Group is over 1 lakh crore and the consolidated net worth of the Group stands at 13,943 crore (approx US$ 2.6 billion) as on September 30, 2012.

The Group offers a wide range of financial services that encompass every sphere of life. From commercial banking, to stock broking, mutual funds, life insurance and investment banking, the Group caters to the diverse financial needs of individuals and the corporate sector. The Group has a wide distribution network through branches and franchisees across India, and international offices in London, New York, California, Dubai, Abu Dhabi, Bahrain, Mauritius and Singapore. For more information, please visit the company’s website at https://www.kotak.bank.in/en/home.html

Industry: Finance & Insurance
Company Size: 10,000+ employees
Headquarters: Mumbai, IN
Year Founded: 1985
Website: kotak.com