Outsourcing Governance Manager

Manager Outsourcing Governance

Location: Hyderabad | Function: Risk Management | Reports to: HeadERM/ORM

Key Responsibilities

1. Framework & Policy

Maintain and periodically update the Board-approved Outsourcing Policy and SOPs; embed materiality criteria, risk taxonomy, and approvals matrix.

Support in executing the Outsourcing Committee cadence (agenda, packs, minutes, actions) and ensure annual policy review and Board presentation.

2. Planning & Materiality Assessment: Classify activities (core/prohibited vs. permitted support services) and determine materiality thresholds, document rationale.

3. Due Diligence & On-boarding: Lead risk-based due diligence on service providers (financial, legal, reputational, operational, info-sec, privacy, BCP/DR, HR/background checks) and ensure conflict-of-interest checks and arm's-length pricing for related parties.

4. Contracts & Controls: Standardize MSA templates with Legal: ensuring risk mitigation measures along with mandatory clauses for audit/ inspection rights (insurer & IRDAI), confidentiality, data protection, sub-contracting controls, performance-based SLAs, exit/transition, and incident reporting timelines.

5. Performance Monitoring: Ensure vendor SLAs are being monitored quarterly; and functions are addressing the service lapses, complaints, security incidents, and regulatory breaches pertains to Outsourcing.

6. Risk, Resilience & Security Coordinate TPRM assessments with InfoSec/ IT Risk (VAPT/ ISMS controls), BCP/DR testing, cyber incident handling, and data-transfer controls (incl. cross-border).

Ensuring the TPRM Risk automation covers the through due diligence, adherence and governance

7. Regulatory Reporting & Record keeping

Prepare returns/annexures (e.g., annual outsourcing return with top vendors & payouts) and maintain records for the prescribed retention period.

Keep an Outsourcing Register (inventory of all arrangements, classifications, contract dates, locations, data flows, sub-processors).

8. Change Management

Govern scope changes, new technologies (AI/automation), and sub-contracting; re-perform risk assessments on significant changes and ensuring transitions/exit management to avoid service disruption.

Train 1st-line owners (business/ operations/ CRESA) on what can/cannot be outsourced, materiality triggers, and when to involve Compliance/ Risk/ Legal/ InfoSec.

Requirements

Candidate Profile

Education: Graduate in Business/Finance/Engineering; preferred certifications: ISO 27001.

Experience: 35 years overall, with 2+ years in outsourcing governance/ TPRM/ vendor risk within Insurance/BFSI; familiarity with IRDAI norms mandatory.

Skills: Deep grasp of IRDAI outsourcing rules (prohibited/core functions, materiality, related-party controls, reporting/records), risk-based due diligence, SLA design, and contract clause negotiation (audit rights, confidentiality, exit/DR).

Benefits

1. Regulations require insurers to maintain documented governance, monitoring, audit rights, and risk controls over outsourced activities.

2. Outsourcing is a highly critical area during the regulatory inspections and IRDAI have taken many actions in this context of insurers due to lapses observed.

3. Complexity & Volume of vendors, we have multiple third parties across IT, claims processing, data services, BPM, field operations, and more.

4. Monitoring SLAs, audits, incident management, sub-contracting, and transitions is complex for a decentralized approach.

5. Risk Mitigation & Loss Prevention Gaps in vendor oversight expose us to operational, reputational, and cyber risk.

6. Governance & Audit Readiness External auditors and the internal audit team often flag outsourcing as a control risk.