JOB DESCRIPTION :
Job Name : Head - Vendor & Outsourcing Governance Year: 2016
Grade: D3
Reports to : Head - IT Governance
Department : IT Governance
JOB PURPOSE :
Summarise briefly the purpose of the role :
- This position is created for oversight of vendor engagements / Outsourcing undertaken in IT and BTG, and will be responsible for ensuring that due-diligence is undertaken while selecting vendors and making decisions to outsource activities, and manages the overall service provider risk management program.
- This role will also conduct governance over utilization and overall accounting of Licenses procured and put to use by the IT Department.
ORGANISATIONAL CHART :
PRINCIPAL ACCOUNTABILITIES :
List the expected end results that must be achieved in order to fulfil the job purpose and the activities that help in achieving these results.
EXPECTED END RESULTS / MAJOR ACTIVITIES :
Due diligence in selection of service providers, outsourcing of activities and outsourcing risk assessment :
- Maintain a central repository of all Outsourcing engagements and their materiality classifications
- Assess whether following steps were carried out before decision on outsourcing:
- Determine the benefits and risks of outsourcing an activity and whether it is in line with the bank's outsourcing strategy
- Consider availability of qualified and experienced service providers for conducting this activity
- Ability and feasibility of the Bank to maintain oversight on the activity once it is outsourced
- Financial health, reputation, benchmarking of the service provider with peers, Operations and Internal control environment, concentration risk and single point of failure analysis
- Contract provisions (Legal terms are reviewed separately by a set of experts) - Check completeness of support, maintenance and service level agreement
- Check whether Insurance coverage requirements are considered
- Methodology for arriving at Compensation - variable charges, other charges, COLA etc.
- Whether Regulatory implications of sharing data with vendors are considered
- Prepare and circulate MIS / exception reports to senior management
- Monitor compliance to regulatory requirements related to outsourcing
Ongoing Controls assessment :
- Supplier Risk Assessment as per extant policy and process
- Assess Operational and internal controls for offsite service providers
- Whether all staff working onsite are accounted for, and whether any changes to staff are carried out only after informing the PM
- Assess whether SLA is monitored
- AMC calculation and governance over payments to vendors
- System access given to vendors
Outsourced staff checks :
- Confirmation on Background checks for all on-site staff
- Disciplinary issues tracking
- Labour laws compliance
- Space occupied by vendor vis-a-vis staff at any location
- Physical access to locations
License utilization :
Maintain governance over :
- Infrastructure software license usage and renewal (security, OS / DB)
- Endpoint licenses (functional - MS Office, LoNo etc., as well as security - AV, DLP, IEM etc.)
- Application license usage and renewal
Assess risk of license non-compliance due to :
- Use of software on servers which are not appearing on ALCM
- Inadvertent inclusion of unlicensed software on asset as part of base installation image
- Failure to remove the footprint when removing licensed software from systems after expiry of the license
- Inconsistencies in central license inventory
- Linkages of license usage with AMC and other payments
- Reconciliation of usage vis-a-vis license procurement agreement terms
DIMENSIONS :
List the data points, which will reflect the scope and scale of activities concerning the job.
(These should be quantifiable numerical amounts)
Outsourcing Monitoring :
- Review database of 200+ supplier engagements and 1200+ outsourced resources (excluding infosec) to ascertain scope for supplier relationship management (currently 42 vendors are in scope)
- Assess contract / SoW amendments (132 documents processed last year by Contracts team) and agreement renewals / new agreements (40 contracts last year) for risks associated with contracts
- Identify critical vendor engagements and create annual review cycle and program for review of operational controls, SLA review etc. as mentioned in table above
- Develop review cycle and assessment program for license compliance for data center (OS / DB / Application) and end user devices
Description of the Relationships and Roles :
Working relationships held by the role (Internal and External)
Internal :
- Department: IT and BTG for data centre, Bankwide for EUC
- Upwards: Unit Heads
- Sideways: Peers across departments
- Downwards: Operational teams in IT
External : Consultants, auditors
SKILLS AND KNOWLEDGE :
State the minimum acceptable proficiency for the job. Do not state incumbent-specific information.
EDUCATIONAL QUALIFICATIONS :
Essential : Chartered Accountant, Post Graduate degree in Financial Management
Preferable : Chartered Accountant, CISA / CISM / CRISC / ISO 27001 Lead auditor
RELEVANT EXPERIENCE :
- 13-17 years of overall work experience
- 5-7 years of experience in the Banking Industry, esp. in Enterprise Risk / Audit / Governance / Operational Risk
- 2-3 years of experience in vendor / outsourcing monitoring
PERSONAL CHARACTERISTICS & BEHAVIOURS :
- Good written and spoken communication skills
- Good project management skills.