About us:
OsbIndia (OSBI) is an offshore subsidiary of OSB Group. OSBI was incorporated in 2004 as a key part of the OSB Group’s business strategy to provide operational service support. OSBI works with the Group’s trading brands in the UK, providing exceptional customer support and service delivery to new and existing customers.
OSBI also prides itself on offering operational excellence by devising and utilizing process improvements and functional efficiencies.
Job Purpose
The Vendor Management team is a control function which oversees and reports on the effectiveness of vendor performance and risk management for the Group.
- Vendor Management is primarily responsible for executing the Group’s vendor management and outsourcing requirements in compliance with Group policies and business strategy.
- Ensure timely processing of risk assessments, risk acceptances, and ongoing monitoring of program compliance in line with the Group approved Vendor Management & Outsourcing policy and associated procedures.
- Assist the business in onboarding, ongoing monitoring, and exiting/terminating relationships with vendors.
- Plan, deliver and report risk assessment activity over supplier arrangements with the intent to identify, measure, mitigate and report key risks.
- Delivering continuing change into the business as policy and procedures evolve
Responsibilities
Responsibilities include, but are not limited to:
Core responsibilities
1. Risk Assessment and Due Diligence:
- Conduct detailed risk assessments of third-party vendors and service providers, focusing on areas such as financial stability, security practices, regulatory compliance, and overall risk exposure.
- Perform initial and ongoing due diligence, gathering and analysing data from various sources to assess the risk profile of third-party entities.
2. Vendor Onboarding and Offboarding:
- Support the vendor onboarding process by conducting thorough risk evaluations and providing recommendations for approval or rejection.
- Manage the offboarding process of third-party vendors, ensuring proper documentation and risk mitigation steps are followed.
3. Monitoring and Reporting:
- Develop and maintain an up-to-date inventory of third-party relationships, including risk ratings and criticality assessments.
- Continuously monitor third-party performance and compliance through regular assessments, reviews, and audits.
- Prepare and present detailed reports and dashboards on third-party risk status, trends, and remediation efforts to senior management and other stakeholders.
- Report and publish Vendor Management KRI reporting at key governance forums on a monthly basis
4. Policy and Procedure Development:
- Assist in the development, implementation, and maintenance of third-party risk management policies, procedures, and guidelines.
- Ensure policies and procedures are aligned with industry best practices, regulatory requirements, and organizational goals.
5. Collaboration and Stakeholder Engagement:
- Work closely with procurement, legal, compliance, IT, Architecture team and other relevant departments to ensure third-party risk management processes are integrated and effective.
- Act as a liaison between the organization and third-party vendors, facilitating communication and resolving issues related to risk management.
6. Training and Awareness:
- Develop and deliver training programs to internal stakeholders on third-party risk management processes, tools, and best practices.
- Promote awareness of third-party risk management throughout the organization to ensure a culture of risk awareness and accountability.
7. Incident Response and Remediation:
- Assist in the investigation and resolution of incidents involving third-party vendors, including data breaches, compliance violations, and performance failures.
- Coordinate remediation efforts and ensure corrective actions are implemented and tracked.
8. Regulatory Compliance:
- Stay current with regulatory developments and industry standards related to third-party risk management.
- Ensure third-party risk management activities comply with applicable laws, regulations, and industry standards.
9. Continuous Improvement:
- Identify opportunities for improving third-party risk management processes, tools, and methodologies.
- Participate in projects and initiatives aimed at enhancing the efficiency and effectiveness of the third-party risk management program.
10. Data Analysis and Insights:
- Utilize data analytics to identify trends, patterns, and potential risks within the third-party ecosystem.
- Provide actionable insights and recommendations to mitigate identified risks and enhance the overall risk management framework.
Other Responsibilities
- Vendor Management forms processed and completed as per the Due Diligence Matrix of the Group Vendor Management & Outsourcing Policy (VM&O policy) with 100% accuracy and in-time to plan.
- Support the review of BCP/DR and Contingency plans, along with remediation actions, for the Group’s vendors by working with ROs and relevant stakeholders.
- Administratively manage monthly Vendor Management Committee and other key governance meetings (schedule meetings, build pack, draft minutes, and issue) by working with Line Manager (LM) and Functional Manager (FM)
- Maintain Vendor Management Group shared folder structure in accordance with Group record management policy.
- Assist and support the team in updating the Group’s vendor database with appropriate oversight/ approval with evidence on a monthly basis.
- Support LM and FM in ensuring all open Audit actions are closed as per the agreed timeline in 100% of the cases, without extensions.
- Support ROs in presenting Outsourcer Annual Report Document at Key governance forum on a monthly basis.
- Support vendor management ad hoc projects/ tasks (not part of BAU and Change initiatives) within the agreed timeline with LM and FM
- Support InfoSec Team in the review of IT Security questionnaire for vendors by liaising with Relationship owners (RO), Information Security team and vendor in line with VM&O policy and Information Security policy.
- Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations
- Accountability for ensuring best-in-class core vendor supplier risk analysis of the applicable portfolio, ensuring consistency with industry-leading practices and conformance to all internal vendor procedures/policies and all related regulatory expectations.
- Active engagement in key front-line governance routines, inclusive of strategic planning sessions, governance committees and business reviews.
- High awareness and adherence to the control environment including Quality Assurance and Quality Control.
Experience Requirements
- Overall experience of 8 – 10 years, preferably in Banking and Financial Services
- At least 3-5 years of work experience in Third Party Risk Management roles and / or supply chain risk management, preferably in Banking and Financial Services
- Experience in relationship and stakeholder management.
Knowledge Requirements
- Experience with vendor lifecycle and/or supplier management process, including knowledge of Third Party and outsourcing regulations, is a definitive advantage.
- Excellent success in supporting engagements or other problem-solving initiatives requiring coordination of cross-functional team members with varied backgrounds and skills.
- Good understanding of information security management, Data Privacy, IT service continuity, IT disaster recovery, business continuity management, and third-party control assurance
- Demonstrate sound understanding of risk and risk management processes and quality assurance.
- Knowledge of current applicable regulatory requirements relevant to regulated financial institutions (FCA, PRA, ICO)
- Proficient in PowerPoint, PowerBI, Excel, and key analytics tools (TPRM system)
- Strong interpersonal and communication skills (both written and verbal) and ability to work collaboratively, as one team.
- Ability to think laterally and develop new and innovative solutions to problems.
- Ability to effectively manage competing priorities.
- Ability to identify and implement process improvement opportunities
Required Qualifications/Certifications
- GCSE/GCE qualifications in both maths and English are essential
- Bachelor’s degree (graduate degree) is essential.
- Suitable qualification in risk management or quality assurance
- Certification or sound knowledge and understanding of continuous improvement methodologies (Ex: Lean, Six Sigma, FMEA)
Responsibilities re Information Security Management System (as per ISO 27001 Certification Requirements)
- Ensure strict adherence to company’s security policies and procedures (for ex: Password policy, clear screen and clear desk policy, etc.)
- Take ownership of all the assets/information assigned and secure it in compliance with ISO 27001 standards implemented in the company.
- Co-operate and co-ordinate for the internal audits conducted in the company (complying with the ISO 27001 standard).
- Report to the Incident Response Manager any incidents you come across in the office with regard to security threats, such as threats to physical assets and stored information, or any risks detrimental to the Security Policies of the company, etc.
- Responsible for supervising and ensuring that all personnel reporting to you observe all Security requirements and are appropriately trained in Security.
Why join OSBI?
We understand your career and how you progress is as unique as your individual personality. We've created a culture and an environment that encourages personal growth and offers our people opportunities to learn and succeed. Whether you're in the early stages of your career or already have an established profession, we're constantly seeking to hire talented individuals who want to make a difference and grow with us. We're a connected company working together to create a business in which we can all take pride and prosper.
If you want to know more about OSBI, please click on the website link:
www.osb-india.com
To know more about OSBI culture please find us on Instagram @OSBINDIA
To find out more about the roles & updates please follow our LinkedIn Page
www.linkedin.com/company/osbi.