Role Overview:
IT Resilience Consultant (second line function) required for a global bank. You will be responsible for leading the strategic development and harmonisation of a comprehensive resilience framework across multiple jurisdictions. In this role, you will collaborate closely with senior management to define and shape the operational resilience strategy, ensuring alignment with regulatory requirements and best practices in the UK and EU (PRA, FCA, DORA, NIS2). The role encompasses oversight of the following competencies from a resilience perspective: ICT risk and controls management and reporting, incident data analysis and reporting, resilience testing, and third-party risk management, while embedding industry standards such as ISO 27001 and ISO 22301.
Key Responsibilities:
Operational Resilience Framework Development:
- Act as a key advisor to senior management, providing insights and recommendations to define the organization's operational resilience strategy.
- Collaborate with leadership to ensure that resilience goals align with broader business objectives and regulatory expectations, including UK and EU regulations (FCA, PRA, DORA) and international frameworks like NIS2.
- Support the ongoing refinement of the group's operational resilience strategy, ensuring the group is agile and adaptable to evolving threats and opportunities.
- Ensure harmonisation of the operational resilience framework across the organization's global footprint, addressing third-party risk, IT infrastructure, and business-critical functions, complying with regulations across multiple regions, integrating NIS2, DORA, and other applicable international standards.
- Ensure consistency in resilience policies and controls across all business units globally, working closely with IT, security, and operations teams.
Resilience Risk Management and Reporting:
- Ensure compliance with UK and EU regulations, including NIS2, DORA, and FCA/PRA guidelines, while adhering to international resilience standards.
- Lead resilience-related second line risk assessments and collaborate with regulators to demonstrate the organization's commitment to operational resilience and risk management, focusing on critical IT services, third-party dependencies, and business-critical operations.
- Develop key resilience metrics and provide comprehensive reports to senior management and regulatory bodies on the organization's resilience.
- Propose actionable insights and strategic recommendations to mitigate identified risks and enhance resilience capabilities.
Resilience Controls:
- Provide second line oversight to the development and management of IT service continuity plans, ensuring that critical systems and applications can recover swiftly from disruptions.
- Align business continuity strategies with IT architecture and service continuity, ensuring that both physical and digital assets are covered.
- Implement resilience controls, including ISO 27001 and ISO 22301, to manage both IT and operational risks effectively.
Testing:
- Design and lead comprehensive resilience testing frameworks, covering network and application testing (including penetration testing, load testing and vulnerability testing) as well as scenario testing (disaster recovery exercises, failover simulations and cyber incident drills).
Incident and Crisis Management:
- Provide second-line oversight for crisis management, ensuring that incident response plans are well-defined and regularly tested.
- Embed major incident management and reporting best practice.
- Support senior leadership during real-time crisis events, ensuring coordination across IT, security, and operations.
Stakeholder Engagement and Training:
- Engage with internal and external stakeholders, including senior management, regulators, and third-party providers, to ensure resilience objectives are well understood and executed.
- Provide training and development to first-line teams, ensuring organizational readiness in business continuity, IT service continuity, and resilience testing.
Essential Skills and Experience:
- Extensive experience in operational resilience, information security, IT audit, or architecture, with a proven track record in shaping resilience strategy.
- Strong knowledge of UK, EU, and international resilience regulations, including NIS2, DORA, FCA, and PRA.
- Experience implementing industry standards such as ISO 27001 (information security) and ISO 22301 (business continuity). Expertise in IT service continuity, resilience testing, and integrating resilience frameworks with IT architecture.
- Proven ability to collaborate with senior management to define and execute strategic resilience initiatives.
Preferred Skills and Experience:
- Experience managing resilience across multinational operations with a focus on cross-border IT service continuity.
- A proven track record in developing resilience metrics, conducting risk assessments, and reporting resilience performance.
- Familiarity with third-party risk management and its impact on operational resilience.