Head - Vendor Management & Outsourcing Governance - IT Domain - BFSI

JOB DESCRIPTION :

Job Name : Head - Vendor & Outsourcing Governance Year: 2016

Grade: D3

Reports to : Head - IT Governance

Department : IT Governance

JOB PURPOSE :

Summarise briefly, the purpose of the role :

- This position is created for oversight of vendor engagements / Outsourcing undertaken in IT and BTG, and will be responsible for ensuring that due-diligence is undertaken while selecting vendors and making decisions to outsource activities, and manages the overall service provider risk management program.

- This role will also conduct governance over utilization and overall accounting of Licenses procured and put to use by the IT Department.

ORGANISATIONAL CHART :

PRINCIPLE ACCOUNTABILITIES :

List the expected end results that must be achieved in order to fulfil the job purpose and the activities that help in achieving these results.

EXPECTED END RESULTS MAJOR ACTIVITIES :

- Due diligence in selection of service providers and outsourcing activities and outsourcing risk assessment

- Maintain a central repository of all Outsourcing engagements and their materiality classifications

- Assess whether following steps were carried out before decision on outsourcing:

- Determine the benefits and risks of outsourcing an activity and whether it is in line with the bank's outsourcing strategy

- Consider availability of qualified and experienced service providers for conducting this activity

- Ability and feasibility of the Bank to maintain oversight on the activity once it is outsourced

- Financial health, reputation, benchmarking of the service provider with peers, Operations and Internal control environment, concentration risk and single point of failure analysis

- Contract provisions (Legal terms are reviewed separately by a set of experts) - Check completeness of support, maintenance and service level agreement

- Check whether Insurance coverage requirements are considered

- Methodology for arriving at Compensation - variable charges, other charges, COLA etc.

- Whether Regulatory implications of sharing data with vendors are considered

- Prepare and circulate MIS / exception reports to senior management

- Monitor compliance to regulatory requirements related to outsourcing

Ongoing Controls assessment :

- Supplier Risk Assessment as per extant policy and process

- Assess Operational and internal controls for offsite service providers

- Whether all staff working onsite are accounted for, any changes to staff are carried out after informing PM

- Assess whether SLA is monitored

- AMC calculation and governance over payments to vendors

- System access given to vendors

Outsourced staff checks :

- Confirmation on Background checks for all on-site staff

- Disciplinary issues tracking

- Labour laws compliance

- Space occupied by vendor vis-a-vis staff at any location

- Physical access to locations

License utilization Maintain Governance over :

- Infrastructure software license usage and renewal (security, OS / DB)

- Endpoint license (functional - MS office, LoNo etc. as well as security - AV, DLP, IEM etc)

- Application license usage and renewal

Assess risk of license non-compliance due to :

- Use of software on servers which are not appearing on ALCM

- Inadvertent inclusion of unlicensed software on asset as part of base installation image

- Failure to remove footprint while removing license software from systems after expiry of license

- Inconsistencies in central license inventory

- Linkages of license usage with AMC and other payments

- Reconciliation of usage vis-a-vis license procurement agreement terms

DIMENSIONS :

List the data points, which will reflect the scope and scale of activities concerning the job.

(These should be quantifiable numerical amounts)

Outsourcing Monitoring :

- Review database of 200+ supplier engagements and 1200+ outsourced resources (excluding infosec) to ascertain scope for supplier relationship management (currently 42 vendors are in scope)

- Assess contract / SoW amendments (132 documents processed last year by Contracts team) and agreement renewals / new agreements (40 contracts last year) for risks associated with contracts

- Identify critical vendor engagements and create annual review cycle and program for review of operational controls, SLA review etc. as mentioned in table above

- Develop review cycle and assessment program for license compliance for data center (OS / DB / Application) and end user devices

Description of the Relationships and Roles :

Working relationships held by the role (Internal and External)

Internal :

- Department: IT and BTG for data centre, Bankwide for EUC

- Upwards: Unit Heads

- Sideways: Peers across departments

- Downwards: Operational teams in IT

External : Consultants, auditors

SKILLS AND KNOWLEDGE :

- State the minimum acceptable proficiency for the job.

Do not state incumbent-specific information

PFB the EDUCATIONAL QUALIFICATIONS :

Essential : Chartered Accountant, Post Graduate degree in Financial Management

Preferable : Chartered Accountant, CISA / CISM / CRISC / ISO 27001 Lead auditor

RELEVANT EXPERIENCE :

- 13-17 years of overall work experience

- 5-7 years of experience in the Banking Industry, esp. in Enterprise Risk / Audit / Governance / Operational Risk

- 2-3 years of experience in vendor / outsourcing monitoring

PERSONAL CHARACTERISTICS & BEHAVIOURS :

- Good written and spoken communication skills

- Good project management skills.