Outsourcing Governance Manager

kshema general insurance limited

Hyderabad, India

3-5 Years

Save

Posted 13 hours ago
Be among the first 10 applicants

Early Applicant

Job Description

Manager – Outsourcing Governance

Location: Hyderabad | Function: Risk Management | Reports to: Head–ERM/ORM | Type: Full-time

Key Responsibilities

Framework & Policy
Maintain and periodically update the Board-approved Outsourcing Policy and SOPs; embed materiality criteria, risk taxonomy, and approvals matrix.
Support in executing the Outsourcing Committee cadence (agenda, packs, minutes, actions) and ensure annual policy review and Board presentation.
Planning & Materiality Assessment: Classify activities (core/prohibited vs. permitted support services) and determine materiality thresholds, document rationale.
Due Diligence & On-boarding: Lead risk-based due diligence on service providers (financial, legal, reputational, operational, info-sec, privacy, BCP/DR, HR/background checks) and ensure conflict-of-interest checks and arm's-length pricing for related parties.
Contracts & Controls: Standardize MSA templates with Legal: ensuring risk mitigation measures along with mandatory clauses for audit/ inspection rights (insurer & IRDAI), confidentiality, data protection, sub-contracting controls, performance-based SLAs, exit/transition, and incident reporting timelines.
Performance Monitoring: Ensure vendor SLAs are being monitored quarterly; and functions are addressing the service lapses, complaints, security incidents, and regulatory breaches pertains to Outsourcing.
Risk, Resilience & Security
Coordinate TPRM assessments with InfoSec/ IT Risk (VAPT/ ISMS controls), BCP/DR testing, cyber incident handling, and data-transfer controls (incl. cross-border).
Ensuring the TPRM Risk automation covers the through due diligence, adherence and governance
Regulatory Reporting & Record keeping
Prepare returns/annexures (e.g., annual outsourcing return with top vendors & payouts) and maintain records for the prescribed retention period.
Keep an Outsourcing Register (inventory of all arrangements, classifications, contract dates, locations, data flows, sub-processors).
Change Management
Govern scope changes, new technologies (AI/automation), and sub-contracting; re-perform risk assessments on significant changes and ensuring transitions/exit management to avoid service disruption.
Train 1st-line owners (business/ operations/ CRESA) on what can/cannot be outsourced, materiality triggers, and when to involve Compliance/ Risk/ Legal/ InfoSec.

Requirements

Candidate Profile

Education: Graduate in Business/Finance/Engineering; preferred certifications: ISO 27001.

Experience: 3–5 years overall, with 2+ years in outsourcing governance/ TPRM/ vendor risk within Insurance/BFSI; familiarity with IRDAI norms mandatory.

Skills: Deep grasp of IRDAI outsourcing rules (prohibited/core functions, materiality, related-party controls, reporting/records), risk-based due diligence, SLA design, and contract clause negotiation (audit rights, confidentiality, exit/DR).

Benefits

Regulations require insurers to maintain documented governance, monitoring, audit rights, and risk controls over outsourced activities.
Outsourcing is a highly critical area during the regulatory inspections and IRDAI have taken many actions in this context of insurers due to lapses observed.
Complexity & Volume of vendors, we have multiple third parties across IT, claims processing, data services, BPM, field operations, and more.
Monitoring SLAs, audits, incident management, sub-contracting, and transitions is complex for a decentralized approach.
Risk Mitigation & Loss Prevention Gaps in vendor oversight expose us to operational, reputational, and cyber risk.
Governance & Audit Readiness External auditors and the internal audit team often flag outsourcing as a control risk.