Risk and Compliance Manager
Job Description:
Job Qualifications
Education/Training Qualifications:
- University degree or college diploma in computer science and/or information security
Experience:
- 10+ years of experience, preferably with a background in IT operations and risk governance processes
- Proven experience developing and implementing IT business continuity plans and strategies
- Excellent strategic, problem-solving, and analytical skills
- Ability to reason through hypothetical scenarios and concepts in order to identify risks and weaknesses in various business processes
- Ability to collaborate with others to develop an emergency plan
- Strong knowledge of IT risk management frameworks, such as ISO 27001, NIST Cybersecurity Framework, or COBIT
- Familiarity with relevant regulatory requirements (e.g., GDPR, HIPAA, SOX) and industry standards (e.g., PCI DSS)
- Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks effectively
- Strong communication and interpersonal skills to collaborate with stakeholders at all levels
- Experience in incident response and crisis management is preferred
- Professional certifications such as Certified Business Continuity Professional (CBCP) or Certified Information Systems Security Professional (CISSP) are a plus
- Experience creating, managing, or administering policies and processes, with superior written and verbal communication skills
- Willing to work flexible hours, including evenings and weekends, as the job demands, and to travel as required
- Approachable, with superior interpersonal skills
Job Responsibilities
1. Risk Management:
- Conduct risk assessments for various departments and functions, analyzing the potential business impact of losing digital systems
- Identify, analyze, and evaluate digital systems and data related risks, including potential threats, vulnerabilities, and impacts on business continuity
- Develop and implement risk mitigation strategies and controls to minimize the likelihood and impact of disruptions
- Conduct regular risk assessments and gap analyses to identify emerging risks and recommend appropriate risk treatment measures
- Monitor and report on risk indicators and metrics to ensure proactive risk management
2. Business Continuity Planning:
- Align recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical systems with business requirements and with technical and financial viability
- Ensure that system-specific recovery playbooks for critical digital systems are designed, documented, and maintained by the relevant technical teams, and that they are capable of supporting the agreed RTOs and RPOs
- Develop, together with the business, comprehensive continuity plans that define how it will continue to operate while system recovery is ongoing; review, revise, and expand existing plans and protocols
- Ensure business continuity plans are developed, owned and maintained by business stakeholders
- Conduct regular tests, drills, and exercises to validate the effectiveness of system recovery plans and identify areas for improvement
3. Compliance and Regulatory Requirements:
- Stay up to date with relevant industry standards, best practices, and regulatory requirements related to IT risk management and business continuity
- Ensure compliance with applicable laws, regulations, and contractual obligations
- Conduct periodic audits and assessments to evaluate compliance
- Implement corrective actions for compliance gaps
4. Stakeholder Engagement:
- Collaborate with internal stakeholders, including IT teams, executive management, and business units, to understand their requirements and align risk management and business continuity initiatives with organizational goals
- Provide guidance and support to business units during the development and implementation of business continuity plans
- Act as a subject matter expert on IT risk management and business continuity, providing training and awareness programs to enhance the organization's overall resilience
- Develop (with vendor support) and deliver staff training on risk management, business continuity, and disaster recovery
- Support the Group IT Director and the Head of Security in defining the strategic direction of digital risk management at Hoya
- Participate in the organization's business continuity planning together with HSE and Risk to align the organization's emergency management plan with established best practices
Required Skills:
Crisis Management, Business Continuity, Compliance, Operations, Collaboration, Information Security, Emergency, Strategic Thinking, Effective Communication, Travel, Analytical Skills, Interpersonal Skills, Risk Management, Computer Science, Security, Education, Documentation, Planning, Business, Science, Training, Communication, Management