Head of Group Business Resilience

  • Competitive
  • Manama, Capital Governorate, Bahrain
  • Permanent, Full time
  • Arab Banking Corporation
  • 08 Nov 18

Job Purpose:

This is a senior position with responsibility for the continuity of operations, disaster recovery, emergency preparedness, and crisis management across the Group.  Working closely with the Group CISO this role will increase focus on and further develop the Bank’s business resilience arrangements including Operational resilience, IT resilience, Cyber resilience, Business Continuity Management and Crisis & Communication Management.  The role is responsible for enhancing and managing the current resilience frameworks and plans in accordance with best practices, industry standards and regulatory requirements.  In addition, the job holder is responsible for leading the resilience efforts across the Group and expected to travel to other locations to provide leadership, guidance, support and coordinate the delivery of the Group business resilience strategy.

Principal Responsibilities, Accountabilities and Deliverables of Role:

  • Drive integration of various incident and resilience management arrangements to leverage the Bank’s resiliency capabilities, identify gaps and mitigate associated risks
  • Ensure Business Resilience compliance with industry standards and regulatory requirements
  • Lead the enhancement of current frameworks and the implementation of updated plans that improve resilience practices
  • Lead the implementation and adoption of new technologies that enhance the Bank’s disaster recovery arrangements
  • Work with Group IT regarding disaster recovery needs and ensure integration of concepts/design for existing/new systems including solutions hosted or to be hosted on the Cloud
  • Lead and implement a Group Strategy for Business Continuity Management in conjunction with Governance Committees and Senior Executives and stakeholders
  • Work with Department Heads regarding business continuity needs and ensure integration of concepts/design for existing/new applications and processes.
  • Work with Information Security and IT colleagues regarding emergency response to IT and security incidents, and ssupport the Group Crisis Management Team in times of crisis
  • Work with Corporate Communications and Data Protection colleagues regarding response to crisis, and support the team in times of potential data breaches or other major events
  • Direct and lead the efforts for identification of actual and possible threats to the continuity of operations of the Group and/or the various Units, and recommend actions if any for control, mitigation or transfer of these risks
  • Ensure that the business resilience arrangements of the various Units are consistent with the Bank’s resilience strategy and supporting arrangements established by Head Office
  • Provide day-to-day direction, guidance, training and support to Units, Departments and direct reports on implementation of the business resilience framework and plans
  • Oversee the status of Business Resilience readiness across the Group through various monitoring tools e.g. RCSAs, KRIs, control standards, reporting of incidents, etc.
  • Challenge the completeness, reliability and effectiveness of the Business Impact Analysis, Continuity Plans, DR plans, Incident Response Plans and Emergency Plans developed by Units and Head Office Departments
  • Prepare actionable (consolidated) progress and risk reports to the appropriate stakeholders (Board Risk Committees, Business Continuity Committees, Crisis Management Committees, Senior Executives, etc.) for on-going monitoring of the business resilience strategy and readiness for dealing with crises and major incidents.
  • Coordinate and report to external stakeholders (including regulators) as agreed with Senior Management and the Governance Committees
  • Organize and oversee the adequacy of local and cross-border resilience-plan tests
  • Develop and implement an awareness program for all staff and managers in relation to Business Resilience activities
  • Develop and implement a training strategy for staff directly involved in managing Business Resilience activities.

Job Context (Circumstances & environment surrounding the job):

As the business environment becomes more technology led and complex, business resilience continues to climb the strategic agenda of organisations. 

The traditional focus on Business Continuity has now been largely supplanted by a broader approach towards business resilience, which encompasses:

  • Cyber Resilience –ability to withstand and quickly recover from Cyber attacks
  • Operational Resilience –ability to carry out the Bank’s business despite the presence of operational stress and disruption
  • IT Resilience –ability to maintain running the Bank’s critical systems & processes no matter what
  • Business Continuity Management –the Bank’s framework for identifying and managing business continuity arrangements
  • Crisis and Communication Management –strategy and plans to deal with a sudden and significant negative event.

The need for and complexity of Business Resilience arrangements within the Financial Services sector continues to grow as a result of increasing focus of regulators, governments and customers on whether Financial Services firms have robust and reliable arrangements in place to deal with crisis situations and minimize the impact on the financial system (systemic risk). Business Resilience requires a holistic view of systems and processes to prepare for the most likely scenarios i.e., Cyber Attacks; including data breaches.

Leading a team of direct and indirect reports across a number of geographies the job holder will develop, maintain and test business resilience plans and ensure that supporting policies and procedures are designed to protect the Bank’s business assets, and help ensure continuity of service to our customers in adverse situations.

As such the job holder will need to possess a deep understanding of business continuity and disaster recovery frameworks, regulatory compliance responsibilities, use of technology to automate planning activities, and strategies for continuous monitoring and program improvement.

The job holder should be experienced at leading similar programs across an organization operating at an executive level and serving as a point of contact for internal and external audit as well as regulatory examinations, and customer due diligence requests.

Job Requirements:

Knowledge

  • Relevant knowledge of industry process, control and risk frameworks, e.g. ISO 22301, COSO
  • Knowledge of business continue and crisis management activities
  • Strong understanding of banking activities and processes
  • Broad knowledge of operational risk disciplines, information security, and new technologies (e.g., Cloud, Blockchain)
  • Demonstrable understanding of the regulatory compliance environment in different countries where the group operates.

Education / Certifications

  • University degree with a business, legal, compliance, or IT background
  • Recognized business resilience or business continuity certifications (e.g., CBCM, C/DRE, CBCI, CBCP, EDRP, CBRM, CBRITP).

Experience

  • At least 10 years of relevant work experience, with a minimum of 5 years in a similar role with major international banks
  • At least 3 years in a leadership role
  • Practical working experience with risk and control frameworks
  • Practical working experience with business continuity frameworks
  • Practical working experience with incident and crisis management frameworks.

Personal Attributes

  • Ability to plan, organise and prioritise tasks and projects
  • Able to conduct the role with minimum supervision
  • Strong team player and proven ability to lead working groups
  • Fluent in English (mandatory)
  • Strong communication skills capable of dealing with wide range of internal and external stakeholders