Sr. Manager, Governance & Controls

Sr. Manager, Governance & Controls

Sr. Manager, Governance & Controls


Exprience: 5 - 7 years

Location: Bengaluru

Job description


  • Provides leadership and direction to Governance Controls team to ensure the delivery and continuous improvement of GC services
  • Develop, mentor, and lead a high-performing staff of Governance Controls experts who have an advanced level of attention to detail
  • Provides direct leadership to the GC team by setting, communicating, and modeling high standards of performance and professionalism, maintaining a high level of work ethic and personal credibility with staff, and demonstrating consistent, sound judgment
  • Inspires change and provides overall leadership to improve efficiencies and process simplification
  • Possess a commitment to the excellence of others through actions that support the growth and development that optimizes the talent of individual team members
  • Ensure staff is knowledgeable and trained on professional matters. Provide supportive coaching; set achievable, challenging team goals; develop skills of team members to ensure achievement of client service priorities
  • Provide timely, ongoing and consistent direction, performance coaching and honest feedback through dialogs, mid-year snapshots, year-end appraisals and informal in-the-moment coaching
  • Invite and accept feedback from others and provide upward feedback
  • Responsible for own continual individual development and improving competencies including, communication, thinking and analyzing, business understanding, interpersonal, leadership, management, and self-awareness
  • Promote consistency and fairness; maintain open door policy and facilitate open dialogue. Identify and timely address employee relations and performance concerns within team; collaborate with People Solutions and management to support effective and appropriate resolution. Participate in recruiting for department, including drafting position descriptions
  • Maintain a staffing model to determine the number of resources required to meet the demand volume of work within OLA guidelines and an efficient level of staff productivity

Governance and Controls Responsibilities

  • Oversee governance of technology, vendor management, and Information Security ensuring alignment with Altisource policies and standards, relevant laws, regulations, ISO, NIST and industry standards and minimizing the risk of audit findings.
  • Have an understanding of legal and regulatory requirements relating to technology, vendor management, Information Security and data privacy risk management and ensure the organizations framework is designed and implemented accordingly
  • Define, implement, and maintain the Governance Controls program through understanding control requirements and industry standards
  • Define metrics and reporting strategies that effectively communicate successes and progress of the GC program; provide regular, timely reporting on the GC status, highlighting risks and proposing remediations as needed
  • Balance Governance Controls needs with the organizations strategic business plan, identifying risk factors with evolving business plans, and proposing mitigating solutions
  • Define, develop, and implement capabilities to manage third party technology and Information Security risks
  • Ensure all risk assessments
  • are conducted with appropriate analysis and reporting; provide strategic recommendations based on results
  • Provide oversight of all technology, vendor management and Information Security compliance and risk related reporting including but not limited to presentations for the COC, CMC and TISC
  • Oversee GC serving as single point of contact coordination of all internal/external audits, due diligence exercises and RFP responses, acting as a layer of protection between technology, vendor management, and Information Security subject matter experts and the auditors
  • Perform and direct risk assessments (i.e., protected information privacy and security audits, policies and procedures, trends analyses, audits, projects and violation investigations) as needed to ensure processes are working as documented and proper controls are in place to monitor compliance
  • Advise regarding technology, vendor management and Information Security risk and control areas, such as regulatory, external audit and risk management processing, including conducting periodic risk assessments
  • Oversee IT control testing of processes to ensure processes are working as documented, collaborating with stakeholders to meet all requirements and avoid audit findings
  • Ensure Findings and Risks are tracked as needed in a single repository, tracking and reporting out on adherence to identified remediation dates
  • Devise and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers
  • Liaise with Internal Audit, Legal, People Solutions and Corporate Compliance to remediate new and outstanding issues; tracks technology and security-related issues.
  • Develop vendor risk and vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security and privacy risk, comprehending both annual reviews and zero day risks
  • Provide oversight of responding to all client ad hoc audit requests in a timely manner meeting customer deadlines
  • Work with the compliance team to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory and client contractual requirements
  • Provide remediation recommendations and/or recommend alternate solutions to resolve gaps against policies and standards
  • Proactively identify technology, vendor management and Information Security deficiencies or opportunities for improvement to better enable security at the global level
  • Serve as communication and escalation path for technology, vendor management and Information Security issues identified by internal technology teams or the Lines of Business themselves
  • Maintain an annual schedule and calendar for all Governance Controls testing, customer audits, and internal and external audits; ensure all impacted Lines of Businesses are informed and prepared for planned activities
  • Conducts risk assessments to properly analyze the risks to information assets
  • Work with management to prioritize risks based on appropriate risk management methodology
  • Assist in training and support for all areas related to vendor management information security. Is an advocate of vendor management and information security policies and procedures with all personnel and external clients and auditors
  • Govern administration activities handled by groups other than Information Security and the Service Desk such as access management, to ensure that strong controls are maintained while continuing to meet appropriate service levels


  • Bachelor s degree or equivalent experience in a governance, risk or compliance related discipline
  • 5 or more years experience with building Governance, Risk and Controls programs including experience managing staff
  • Expert understanding of information security best practices such as NIST, ISO 27001, SOC, SOX, SSAE
  • Strong IT Governance, Controls, Risk and Compliance experience with knowledge of local and international privacy laws and proficiency with common privacy regulations including GDPR and CCPA
  • Inclusive leadership and teamwork skills
  • Results-oriented, values collaboration, self-motivated
  • Preferably hold a certification such as Certified Risk Information Systems Control (CRISC) or Certified Governance of Enterprise IT (CGEIT)
  • Strong experience and understanding of Altisource s technology and Information Security policies and standards
  • The ability to articulate highly technical information for real world business impact to all levels of the Company
  • The ability to translate business initiatives into actionable tasks and/or programs
  • Experience with negotiating contracts with technology vendors
  • Strong critical thinking, management, interpersonal and collaborative skills, multi-tasking and organizational skills
  • Excellent written and verbal communication skills, especially the ability to communicate security and risk-related concepts to both technical and non-technical audiences who do not have a technology or security background
  • Audit, risk management and risk advisory experience
  • Proven understanding of audit and technology risk drivers along with the associated controls to ensure clear understanding of priorities by all stakeholders as well as establishing appropriate expectations and understanding of trade-offs
  • Can articulate risks, challenges, and impacts in a way that is understandable and measurable

Role: IT Audit

Industry Type: Real Estate

Department: IT & Information Security

Employment Type: Full Time, Permanent

Role Category: IT Infrastructure Services


UG: Any Graduate

PG: Any Postgraduate

Key Skills

(i) RFP

(ii) ISO 27001

About company

Altisource Portfolio Solutions S.A. (NASDAQ: ASPS) is an integrated service provider and marketplace for the real estate and mortgage industries. Combining operational excellence with a suite of innovative services and technologies, Altisource helps solve the demands of the ever-changing markets we serve.