Job Context: The purpose of this job is to achieve quality assurance and information security objectives for the Operations team in line with the enterprise & operational risk frameworks, and to drive process compliance with regulatory guidelines by establishing internal controls. The role also acts as the risk, compliance & audit champion for BSLI Operations and carries out an independent appraisal of the effectiveness of the policies, procedures and standards.
Job Challenges:
- Accurately interpreting imprecise and frequent regulatory changes for planning, communicating and ensuring implementation through diverse stakeholders within time and resource constraints.
- Ensuring completeness of internal audits within the stipulated timelines, and planning, organizing and close-looping internal/external audits, given the diverse nature of the stakeholders having varied priorities.
- Conducting an extensive process compliance review of internal controls for branch and HO processes across the country is a key operational & logistical challenge, as the review includes interaction with vertical heads, function heads and zonal managers.
- Directing stakeholders to manage unpredictable external events like frauds and requirements from statutory bodies such as IRDA, SEBI, CBI, Parliament, the Income Tax Department, the Ministry of Finance, etc., while simultaneously ensuring no disruption in regular time-bound activities.
- Institutionalising discipline and a control environment through best practices across a vast geography and in a rapid expansion mode.
- Convincing auditors, who at times lack understanding of the processes and their historical evolution, in order to ensure precise and objective audit reporting.
KRA (Accountabilities)
Supporting Actions
KRA1
Develop a data governance framework within operations, authorize application access rights, and oversee user ID management so as to ensure information security is met in line with organizational objectives and needs.
1. Assess the access rights given to all verticals so as to ensure confidential data is accessed only by authorised personnel and limited access is provided based on job role.
2. Ensure application ID creation, access right modification and application ID deletion are executed accurately and on time.
3. Monitor reconciliation of application IDs on a monthly basis.
4. Appraise that business partners are provided with application access only on a need basis and that a proper risk assessment is established.
5. Define and attain a safe mechanism to share client data with external stakeholders.
6. Define and develop segregation of responsibility in applications and maker & checker controls in processes.
KRA2
Develop and maintain a quality assurance and process assessment framework so as to ensure appropriate compliance with all applicable laws, regulations and policies.
1. Assess, recommend and advise operations on compliance issues and regulatory risks that result in operational efficiency and control effectiveness relevant to the insurance industry.
2. Approve and sign off on new and enhanced processes.
3. Escalate potential delays, red flags and non-compliances to leadership teams.
4. Facilitate regulatory audits for operations in the nature of onsite inspection, observation clearances and timely closure of audits.
5. Conduct any reviews or tasks requested by management, the protection of policyholders' committee, the managing director or the leadership team, provided such reviews and tasks do not compromise independence or objectivity.
6. Strategize a plan of action for conducting due diligence for business initiatives and new ventures.
KRA3
Define, establish and evaluate enterprise and operational risk mitigation strategies that are in line with the risk philosophy of BSLI, and monitor the key risks on a periodic basis.
1. Ensure key enterprise risks are identified, and mitigation strategies are defined, evaluated and thereafter monitored on a periodic basis.
2. Ensure the operational risk frameworks, such as operational loss reporting, risk and control self-assessment (RCSA) and key risk indicators, are conducted and assessed as planned, in collaboration with stakeholders.
3. Conduct system impact studies on regulatory / process changes and ensure there is no misuse of system vulnerabilities by employees in any unauthorised manner.
4. Review the Information Classification Policy for record retention on a periodic basis to ensure correct classification in the dynamic business environment and that confidential documents are easily retrievable during disruption of services.
KRA4
Define, establish and evaluate enterprise and operational risk mitigation strategies that are in line with the risk philosophy of BSLI, and monitor the key risks on a periodic basis.
5. Assess the business impact of key processes, and develop and evaluate recovery measures in the event of disruption of services.
6. Facilitate fraud investigations in order to identify the root cause, plug the process gaps, deploy controls and thus minimise recurrence of frauds.
7. Achieve awareness of operational risk frameworks through communication/training of key resources across operations.
8. Conduct any reviews or tasks requested by management, the risk management committee, the managing director or the leadership team, provided such reviews and tasks do not compromise independence or objectivity.
KRA5
To plan, develop and maintain an effective Audit Framework that will assess control weaknesses in a manner that fulfils the goals of BSLI.
1. Develop and design Internal Audit Policies & Procedures for all verticals under operations, as deemed necessary, and in conjunction with the BSLI internal audit team.
2. Ensure comprehensive, timely and accurate reporting / presentation of audit findings to all key and related stakeholders with the objective of providing reasonable assurance that the organisational risks have been managed effectively.
3. Develop, achieve and maintain a framework to evaluate the root cause of deviations, mitigate the risk associated with audit observations, and implement the management action plan within the set target date.
4. Conduct any reviews or tasks requested by management, the audit committee, the managing director or the leadership team, provided such reviews and tasks do not compromise independence or objectivity.
KRA6
To ensure that the quality assurance team possesses the adequate knowledge, skills and competence required to discharge its duties effectively.
1. Motivate the team, developing their technical risk skills as well as soft skill competencies to improve effectiveness and productivity year-over-year.
2. Build transparent and robust career progression plans for team members to ensure that the team is geared up to deliver on a consistent basis and the quality assurance function acts as a value proposition for its team members.
3. Create a working relationship with employees and management staff which allows for accomplishing the desired goals of the quality frameworks on a timely basis.