Posted By



Assistant Manager at Careerist

Last Login: 05 February 2019

Job Views:  
Applications:  78
Recruiter Actions:  4

Posted in

IT & Systems

Job Code


Head - Vendor Management & Outsourcing Governance - IT Domain - BFSI

13 - 18 Years, Mumbai
Posted 7 years ago


Job Name : Head - Vendor & Outsourcing Governance

Year: 2016

Grade: D3

Reports to : Head - IT Governance

Department : IT Governance


Summarise briefly, the purpose of the role :

- This position is created for oversight of vendor engagements / outsourcing undertaken in IT and BTG. It is responsible for ensuring that due diligence is undertaken when selecting vendors and deciding to outsource activities, and for managing the overall service provider risk management program.

- This role will also conduct governance over utilization and overall accounting of Licenses procured and put to use by the IT Department.



List the expected end results that must be achieved in order to fulfil the job purpose and the activities that help in achieving these results.


- Due diligence in selection of service providers and outsourcing activities and outsourcing risk assessment

- Maintain a central repository of all Outsourcing engagements and their materiality classifications

- Assess whether the following steps were carried out before the decision on outsourcing:

- Determine the benefits and risks of outsourcing an activity and whether it is in line with the bank's outsourcing strategy

- Consider availability of qualified and experienced service providers for conducting this activity

- Ability and feasibility of the Bank to maintain oversight on the activity once it is outsourced

- Financial health, reputation, benchmarking of the service provider with peers, Operations and Internal control environment, concentration risk and single point of failure analysis

- Contract provisions (Legal terms are reviewed separately by a set of experts) - Check completeness of support, maintenance and service level agreement

- Check whether Insurance coverage requirements are considered

- Methodology for arriving at Compensation - variable charges, other charges, COLA etc.

- Whether Regulatory implications of sharing data with vendors are considered

- Prepare and circulate MIS / exception reports to senior management

- Monitor compliance to regulatory requirements related to outsourcing

Ongoing Controls assessment :

- Supplier Risk Assessment as per extant policy and process

- Assess Operational and internal controls for offsite service providers

- Whether all staff working onsite are accounted for, and whether any changes to staff are carried out after informing PM

- Assess whether SLA is monitored

- AMC calculation and governance over payments to vendors

- System access given to vendors

Outsourced staff checks :

- Confirmation on Background checks for all on-site staff

- Disciplinary issues tracking

- Labour laws compliance

- Space occupied by vendor vis-a-vis staff at any location

- Physical access to locations

License utilization :

Maintain governance over :

- Infrastructure software license usage and renewal (security, OS / DB)

- Endpoint license (functional - MS Office, LoNo etc. as well as security - AV, DLP, IEM etc.)

- Application license usage and renewal

Assess risk of license non-compliance due to :

- Use of software on servers which are not appearing on ALCM

- Inadvertent inclusion of unlicensed software on asset as part of base installation image

- Failure to remove footprint while removing licensed software from systems after expiry of license

- Inconsistencies in central license inventory

- Linkages of license usage with AMC and other payments

- Reconciliation of usage vis-a-vis license procurement agreement terms


List the data points, which will reflect the scope and scale of activities concerning the job.

(These should be quantifiable numerical amounts)

Outsourcing Monitoring :

- Review database of 200+ supplier engagements and 1200+ outsourced resources (excluding infosec) to ascertain scope for supplier relationship management (currently 42 vendors are in scope)

- Assess contract / SoW amendments (132 documents processed last year by Contracts team) and agreement renewals / new agreements (40 contracts last year) for risks associated with contracts

- Identify critical vendor engagements and create annual review cycle and program for review of operational controls, SLA review etc. as mentioned in table above

- Develop review cycle and assessment program for license compliance for data center (OS / DB / Application) and end user devices

Description of the Relationships and Roles :

Working relationships held by the role (Internal and External)

Internal :

- Department: IT and BTG for data centre, Bankwide for EUC

- Upwards: Unit Heads

- Sideways: Peers across departments

- Downwards: Operational teams in IT

External : Consultants, auditors


- State the minimum acceptable proficiency for the job.

Do not state incumbent-specific information


Essential : Chartered Accountant, Post Graduate degree in Financial Management

Preferable : Chartered Accountant, CISA / CISM / CRISC / ISO 27001 Lead auditor


- 13-17 years of overall work experience

- 5-7 years of experience in the Banking Industry, esp. in Enterprise Risk / Audit / Governance / Operational Risk

- 2-3 years of experience in vendor / outsourcing monitoring


- Good written and spoken communication skills

- Good project management skills.
