Third-Party Risk Management Lead

Manager – Outsourcing Governance

Location : Hyderabad | Function : Risk Management | Reports to : Head–ERM / ORM

Key Responsibilities

1. Framework & Policy

• § Maintain and periodically update the Board-approved Outsourcing Policy and SOPs;

embed materiality criteria, risk taxonomy, and approvals matrix.

§ Support in executing the Outsourcing Committee cadence (agenda, packs, minutes, actions) and ensure annual policy review and Board presentation.

2. Planning & Materiality Assessment : Classify activities (core / prohibited vs. permitted support services) and determine materiality thresholds, document rationale.

3. Due Diligence & On-boarding : Lead risk-based due diligence on service providers (financial, legal, reputational, operational, info-sec, privacy, BCP / DR, HR / background checks) and ensure conflict-of-interest checks and arm’s-length pricing for related parties.

4. Contracts & Controls : Standardize MSA templates with Legal : ensuring risk mitigation measures along with mandatory clauses for audit / inspection rights (insurer & IRDAI), confidentiality, data protection, sub-contracting controls, performance-based SLAs, exit / transition, and incident reporting timelines.

and functions are addressing the service lapses, complaints, security incidents, and regulatory breaches pertains to Outsourcing.

6. Risk, Resilience & Security

7. Regulatory Reporting & Record keeping

8. Change Management

re-perform risk assessments on significant changes and ensuring transitions / exit management to avoid service disruption.

Requirements

Candidate Profile

preferred certifications : ISO 27001.

familiarity with IRDAI norms mandatory.

Skills : Deep grasp of IRDAI outsourcing rules (prohibited / core functions, materiality, related-party controls, reporting / records), risk-based due diligence, SLA design, and contract clause negotiation (audit rights, confidentiality, exit / DR).

Benefits

1. Regulations require insurers to maintain documented governance, monitoring, audit rights, and risk controls over outsourced activities.

2. Outsourcing is a highly critical area during the regulatory inspections and IRDAI have taken many actions in this context of insurers due to lapses observed.

3. Complexity & Volume of vendors, we have multiple third parties across IT, claims processing, data services, BPM, field operations, and more.

4. Monitoring SLAs, audits, incident management, sub-contracting, and transitions is complex for a decentralized approach.

5. Risk Mitigation & Loss Prevention Gaps in vendor oversight expose us to operational, reputational, and cyber risk.

6. Governance & Audit Readiness External auditors and the internal audit team often flag outsourcing as a control risk.