Manager: Business Continuity, Information and IT Risk Management
One of the largest financial services groups, operating in 20 countries across Africa, is looking for a Manager: Business Continuity, Information and IT Risk Management.
This resource person will have to implement Business Continuity Management (BCM), Information and IT Risk Management across CIB Mauritius, in line with the Operational Risk Management Framework.
The main responsibilities involve:
- Contribute to the development and maintenance of the CIB enterprise-wide business continuity management (BCM), information and information technology (IT) risk programs, policies and standards, ensuring alignment with the Operations Risk Management strategy, frameworks, policies and standards, to protect the Bank against violation of applicable Business, Legal, IT and Regulatory requirements and regulations.
- Proactively partner with business representatives to develop, coordinate, maintain and enhance comprehensive BCM, information and IT risk management action plans to maintain continued operations and secure the business's ability to recover from and mitigate the effects of any unforeseen disruption to facilities, technology systems, or applications. Develop and facilitate the use of methodologies, metrics and scorecards for all components of the programs.
- Act as the subject matter expert for business continuity management, information, and IT risk management, providing expert guidance and direction and end-to-end advice to key stakeholders within the business, to ensure alignment with CIB's enterprise-wide business continuity management program and quality standards. Participate in relevant external forum / industry education and networking events to keep abreast of current and future threats, industry best practices and trends.
- Work with business continuity stakeholders in the business to facilitate the development, documentation and implementation of disaster recovery, BCM, information and IT risk plans, tools and instructional guidelines. Coordinate the identification of risk, deliver risk self-assessments, analysis and ratings and guide managers on appropriate risk controls in line with business resilience standards. Coordinate the establishment and implementation of work area recovery site plans and validate third party recovery plans in accordance with the recovery priority agreement.
- Design, schedule, coordinate and facilitate regular enterprise-wide evacuation, business resilience exercises, disaster recovery practices and trial runs to enable and prepare the business functions and crisis teams for action, in accordance with their criticality, capabilities and risk profile (includes coordination of evacuation checklists, briefing and de-briefing sessions, post-exercise communications and reporting).
- Continuously monitor business continuity, information and IT risks across CIB. Conduct scheduled reviews of applications, systems, underlying infrastructure and key technology processes to determine compliance and control gaps. Perform periodic reviews and tests of established BCM, information and IT risk plans, procedures and controls to establish the adequacy of existing controls, track control efforts and ensure alignment with business risk appetite and recovery priorities.
- Document and maintain up-to-date, functional, fit for purpose business continuity, information, and IT Risk plans, requirements, standards, treatment strategies, tools, templates and procedures, make these accessible to users and communicate all associated requirements (including Epidemic, Pandemic, Emergency Management, Crisis Management and Elections Readiness plans).
- Create and deliver multichannel education, training and information sharing sessions to establish dialogue, promote awareness, build capability and enable employees to fulfil their assigned responsibilities.
- Report findings (from analysis, review and test work) to management to provide a holistic, accurate and complete view of the business continuity, information and IT risk profile. Prepare and submit a monthly dashboard and Program of Work update report timeously and accurately, in line with CIB Risk Management requirements, policies and quality standards. Make recommendations for improvements as needed.
- Degree in IT or related field.
- Security certifications such as CompTIA Security+, CIRSA, CISSP, CISA, CCNA or equivalent, or working towards certification, are preferred.
- Minimum of 6 years of relevant work experience planning and implementing organisation-wide processes and procedures for the management of operational risk and business continuity, crisis management, or disaster recovery with a focus on conducting business impact analysis and vulnerability assessments.
- Experience administering IT security controls in an organisation, as well as knowledge of information security risk and information technology risk is critical. IT internal audit experience is preferred, as is experience working in a global / multinational enterprise, coupled with working in emerging markets.