Kevin Khan

Managing Director

Kevin is global leader of Protiviti's Technology Governance and Risk Management practice. Kevin brings experience in operational risk across the lines of defense, CIO / CISO strategy, and advanced analytics, with a deep financial services background in technology, operations, and front-office processes.

Previously, Kevin was Global Head of Operational Risk Assessment and Intelligence for Technology Risk Management at a Global Investment Bank. Before that, he was a Founder and Principal Consultant serving clients in the financial services technology, investment banking and biopharma industries. Earlier, he held a series of senior leadership roles that supported technology operations, strategy, and advanced analytics.

Major Projects & Roles

  • Designed, architected, staffed and managed portfolio of emerging and operational risk management services, including analysis of threats, vulnerabilities, controls and resulting risks using NIST SP 800-30, IRAM and internal standards.
  • Assess emerging & heightened threats in the industry, leveraging ISF insights, new technology area assessments, review of high-risk firewall exceptions, and ongoing advisory and security consultancy for critical IT projects going through the standard SDLC.
  • Perform, peer review and sign off on IT risk assessments on operational software and infrastructure as well as new and emerging innovations (blockchains, artificial intelligence, robotics solutions).
  • Re-engineered the investment governance framework and processes for the Institutional Securities & Wealth Management Technology portfolio, inclusive of designing new business case tools / process, execution governance reporting and chairing mandatory change-the-bank investment funding / prioritisation meetings.
  • Established and managed Total Cost of Ownership framework inclusive of system spends, application investment lifecycle, controllable vs. uncontrollable costs and infrastructure volumes for Technology CIO Office.
  • Led the design and operationalisation of a delivery metrics program and dashboards, enabling the client to quantify organisational progress against management objectives; defined key measures across risk, program delivery, organisational design, et al.; identified data sources; and developed a flexible data model to facilitate monthly reporting.
  • Managed COO office activities, inclusive of operational risk oversight, audit response, and capital planning process and financials for IT Portfolio inclusive of CTB, RTB investments and management challenges.

Areas of Expertise

  • IT Strategy & Analytics
  • Enterprise Risk Management
  • Risk Assessment Methodologies
  • Business & Technology Transformation
  • Financial Modeling & Analysis
  • Investment Governance
  • Global Portfolio & Program Management

Industry Expertise

  • Financial Services
  • Investment Banking
  • Healthcare


  • B.S. – Business & Technology Management
  • M.S. – Management of Technology
  • M.B.A. – Finance
  • Doctorate, Applied Computing (ABD)