Job Description
Kotak Institutional Equities is India’s leading institutional brokerage and electronic trading business, providing execution, research, algorithmic trading, DMA, and derivatives trading solutions across Indian capital markets.
Position Summary
We are seeking an experienced Technology Governance, Risk & Compliance (IT GRC) professional to establish and drive a robust technology governance framework across the organization. This role will be responsible for ensuring continuous compliance with regulatory requirements, Exchange (NSE/BSE), SEBI technology guidelines, cybersecurity frameworks, and internal IT governance standards.
The incumbent will partner closely with Infrastructure, Information Security, Application Development, DevOps, Network, Product, Business, Risk and Compliance teams to ensure technology controls are embedded into day-to-day operations, making the organization audit-ready at all times.
This is a highly visible role requiring strong technical understanding, governance expertise, stakeholder management, and regulatory awareness.
Key Responsibilities
Technology Governance
Develop, implement and continuously improve the organization’s IT Governance framework.
Establish governance processes covering Infrastructure, Applications, Networks, Cloud, Information Security and IT Operations.
Define and maintain IT policies, standards, procedures and control frameworks.
Ensure governance processes are aligned with business objectives and regulatory expectations.
Regulatory & Technology Compliance
Own end-to-end compliance for technology-related regulatory requirements including:
NSE System Audit
SEBI Technology & Cyber Security Circulars
CERT-In advisories
Information Security standards
Internal Technology Policies
Responsibilities include:
Performing regulatory impact assessments
Maintaining compliance matrices
Tracking implementation of regulatory changes
Monitoring compliance status across IT functions
Coordinating regulatory submissions and audit responses
Audit Management
Act as the primary IT coordinator for:
NSE System Audits
Internal Audits
External Audits
Information Security Audits
Regulatory Inspections
Responsibilities include:
Audit planning
Evidence collection
Audit coordination
Management responses
Corrective Action Plans (ATR)
Closure tracking
Prevention of repeat observations
Technology Risk Management
Maintain the Technology Risk Register.
Identify operational and technology risks.
Perform risk assessments.
Monitor mitigation plans.
Track residual risks.
Escalate high-risk issues to senior management.
Present periodic risk dashboards.
Change & Release Governance
Establish governance around:
Change Management
Release Management
Production Deployment
Emergency Changes
Configuration Management
Ensure:
Proper approvals
Risk assessment
Testing evidence
Rollback planning
Production sign-offs
Documentation completeness
SDLC & DevSecOps Governance
Partner with development teams to ensure:
Secure SDLC practices
Code review governance
Segregation of Development, UAT and Production
Release approvals
Version management
Application documentation
Security testing
Change traceability
IT Control Monitoring
Implement continuous monitoring of critical controls including:
User Access Reviews
Privileged Access
Patch Compliance
Vulnerability Remediation
Backup Verification
Disaster Recovery
Capacity Management
Vendor Compliance
Infrastructure Health
Configuration Reviews
Policy & Process Management
Develop and maintain IT policies including:
Information Security Policy
Change Management Policy
Patch Management Policy
Backup Policy
Incident Management
Vendor Management
Access Management
Secure SDLC
Business Continuity
Disaster Recovery
Ensure annual review and management approval.
Compliance Reporting
Develop executive dashboards covering:
Regulatory compliance status
Audit observations
Patch compliance
Critical vulnerabilities
Technology risks
Policy review status
Change success rate
Control effectiveness
DR readiness
Open action items
Vendor Governance
Ensure technology vendors comply with:
Internal security standards
Regulatory expectations
Security assessment requirements
Version management
Support lifecycle
Vulnerability remediation timelines
Cross-functional…