Enterprise Resiliency and Recovery Director
The Enterprise Resiliency & Recovery Director is responsible for overseeing and implementing resilience, continuity, and response capabilities to safeguard employees, customers, products, and services. Disruptions or incidents can interrupt the bank's operations and can have a broader impact on the financial sector. The Enterprise Resiliency & Recovery Director will create and lead an enterprise-wide approach addressing the continuity of business operations throughout the overall entity: technology, business operations, testing, and communication strategies focusing on the continued maintenance of systems and controls for the resilience of operations. This team is responsible for helping the lines of business prepare and adapt to changing conditions and withstand and recover rapidly from disruptions while achieving safety and soundness, consumer financial protection and compliance with applicable laws, regulations, and rules. Disruptions or incidents may include physical events (physical safety and security, natural disasters, or man-made disasters), third-party events (impacting our key suppliers or external partners), malicious activity (cyber-attacks, blackmail, or sabotage), technical events (equipment and software failures, communication, or power failures) or high-impact events (like international events, terrorist attacks, or pandemic events).
Position Responsibilities:
Governance
- Creates and maintains enterprise and business level crisis and incident management protocols including defining crisis and incident management teams, their roles and responsibilities, decision making authority, how to report an event, escalation, communication procedures, and deployment of recovery protocols. Prepares reports on business resiliency and incident metrics for board and regulatory consumption. Measures the success of business continuity plans against threats and vulnerabilities to the business.
Incident Response Team
- The Incident Response Team thinks through the end-to-end impact and involvement with Colleagues, Customers, Third-Party Service Providers, Law Enforcement, Regulatory Agencies, Board and Senior Management, and the Media. Takes the lead on managing / quarterbacking the incident for the bank, allowing the businesses to focus on executing their plans. Leads and documents updates from various Lines of Business until the incident is resolved and normal business operations resume. Manages the use and wording of messages for notification systems including Everbridge and call trees.
Business Continuity Planning
- Partners with the business to develop business continuity plans including identification of critical business processes, assessment of their risk tolerance and sensitivity to a business disruption, supports response and recovery activities, establishes business continuity testing and exercise methodologies, and conducts training. Addresses people, process, technology, and facility issues. Maps dependencies between functions, processes, technology assets, and other internal and external participants. Prioritizes criticality and establishes restoration targets. Stays on top of industry strategies and provides guidance to the business units and a detailed and consistent change management process. Inventories the bank's critical assets, infrastructure, third-party service providers and services, and geographic locations.
- Oversees business impact assessments (BIA) and develops a criticality structure to define business-critical processes, people, and technologies.
Position Qualifications:
- Bachelor's degree from an accredited university or in lieu of a bachelor's degree a High School Diploma or GED and 6 years of related experience in the Financial Services Industry
- 10 or more years Financial Services experience, banking preferred
- 10 or more years Developing, implementing, and managing business continuity programs and plans
- 10 or more years Assessing organizational risk, recommending resiliency/recovery strategies, and executing training and exercises
- 8 years Working with and across various business units on resilience and recovery plans
- 8 years Knowledge of risk-related control frameworks and practices and regulatory requirements
Licenses & Certifications
- Preferred: Industry certification in one or more of the following: BCI, PMI, CCSA, CISA, CA, CCSP, ISC, ITIL, etc.
Category C - Days in the office will either be designated days or will vary week to week from 2-5 days
8:00am - 5:00pm Monday - Friday
To Be Determined Based on Individual Experience