Title: Program Director SCIRA-FSI
Report to: Managing Director, EU
Location: UK based, remote
Uptime Institute has unparalleled expertise in helping organizations plan, build, operate, and optimize world-class digital infrastructure. With over 250 financial sector projects completed to date, globally, Uptime Institute has paved new ground in the exploration and implementation of programs that help financial organisations to advance the detection and mitigation of ICT operational risk.
We are now looking for a financial sector institutions (FSI) expert with regulatory experience to lead the continued development of Uptime Institute’s Standardized Comprehensive Infrastructure Risk Assessment for Financial Sector Institutions (SCIRA-FSI) program.
This is a start-up role responsible for the continued development of the SCIRA-FSI program in support of the financial services ORM (Operational Risk Management) community globally, defining better maturity models for independent assessment/testing.
The role will work closely with FSIs’ operational resilience teams to help them optimize their first, second and third line of defence, defining and delivering sustainable and practical solutions for the assessment of risk within their IT estate, across owned sites and third-party MSP, Cloud Services, SaaS and Colocation suppliers.
Experience
This is a senior, hands-on role aimed at improving the resilience of our clients’ IT estates across operations; infrastructure engineering/application engineering expertise is therefore essential.
The successful candidate will have exposure to developing and implementing risk management programs in global financial organizations, with robust knowledge of technology, risks, architectures, and related tools. Prior business continuity or IT continuity and third-party risk management experience (IT, Cyber, Vendor management etc.) is a must. Experience with Governance, Risk and Compliance (GRC) tools and other risk management information systems is preferred.
- The role holder will have detailed knowledge of the European regulatory environment (e.g. EBA Opres, EBA Operational Resiliency, Supervisory Review and Evaluation Process (SREP), Recovery Planning, Digital Operational Resilience, EBA guidelines on third-party outsourcing, and the European Commission Digital Operational Resilience Act) and related local regulatory requirements (e.g. BaFin, FINMA, BoE, PRA)
- The role holder will possess first-hand knowledge of Retail, Corporate & Investment Banking, Insurance, payments and other regulated entities and their typical IT/ infrastructure estates and will have demonstrable experience of successfully establishing Operational Resilience frameworks and capabilities within European financial services institutions
- The role holder will possess excellent knowledge of resiliency: reducing recovery time, resilience testing, disaster recovery, network resilience, and identifying single points of failure (SPoFs) across mechanical and electrical architecture, operations and system software controls within IT infrastructure estates
- The role holder will have experience in creating and maintaining the service taxonomy; reviewing and updating service categories; important business services (IBS) and critical business services (CBS) and will have coordinated and managed activities to assess the resilience of critical resources that support each area (e.g. monthly, annual, periodic attestations) across owned and third-party compute venues
- The role holder will have experience in establishing and managing the process to set and review Impact Tolerances and Scenario Testing for all IBS/EBS, as well as defining and maintaining a catalogue of ‘severe but plausible’ scenarios for ICT infrastructure
- The role holder will have experience in establishing and managing the creation of regulatory self-assessments and third-party assessments, and in coordinating periodic assessments
- The role holder will have experience in coordinating with internal compliance and IT audit groups
- Experience interacting with regulatory agencies is a plus.
Skills
- Strong technology and/or Financial Services industry experience obtained via a career in industry or another consultancy
- Knowledge of the latest infrastructure technology trends, and an appreciation of the risks they present
- Demonstrated ability to build effective relationships with multiple stakeholders across both IT and Risk and compliance functions
- Ability to think creatively, generate innovative ideas, question the status quo at our clients’ operations and deliver effectively against challenging objectives
- Analytical skills are also key, enabling you to identify and challenge key areas of operational resilience and to support the development of bespoke and innovative approaches that make sure our FSI strategic programmes continue to evolve
- First-hand experience of working in an operational role in the 1st, 2nd or 3rd Line of Defence, with demonstrable knowledge of relevant legislation and regulation affecting resiliency, and of emerging technologies and their associated vulnerabilities and risks
- Excellent oral and written communication skills
- Strong interpersonal and leadership skills
- Ability to work iteratively, delivering quickly and frequently to produce high-quality documents and outputs which require little to no rework.
- Multilingual: English as a first language, with German, French, Spanish or Dutch as a second language
Key Responsibilities
- Responsible for development of the short- and long-term strategy for SCIRA-FSI, including driving requirements and improvement initiatives, developing roadmaps with actionable plans, leading cross-functional teams both internally and externally, and championing the execution and roll-out of initiatives globally
- Responsible for continuous development of SCIRA-FSI assessment scope parameters: reviewing, analysing and challenging the Uptime Institute SCIRA-FSI assessment scope against the norms and standards for FSI ICT operational risk management (ORM), defined as a continual cyclic process of risk assessment, risk decision-making and implementation of risk controls that results in acceptance, mitigation or avoidance of risk, to ensure alignment with global ICT operational resilience legislative mandates in the banking sector
- Responsible for developing a clear and comprehensive understanding of international regulatory requirements and expectations of ICT Operational Risk and Resilience and integrating these into the advisory and assessment offering and practice strategy
- Responsible for understanding 1st line of defence (1LOD), 2nd and 3rd line risk appetites and impact tolerances, and the implementation of Operational Resilience/Business Continuity/Disaster Recovery processes within a financial services organization
- Responsible for creating and managing SCIRA-FSI program development partners and SCIRA-FSI advisory board in line with the company’s objective of engaging the global FSI-community on an ongoing basis to ensure SCIRA-FSI maps to current and future market and regulatory requirements and to establish the SCIRA-FSI assessment as the de-facto assessment in the sector
- Responsible for engaging the EBA and country-specific regulators to ensure the acceptance of the SCIRA-FSI assessment artefact as a basis of best-practice risk assessment and mitigation
- Responsible for establishing the sales process, training of technical and sales employees, product launch and ongoing marketing programs in partnership with relevant functional areas
- Responsible for planning and monitoring program execution, project coordination and managing project interdependencies, cross-project resource management, identifying and addressing problems and risks, program documentation, stakeholder communications, negotiations, and problem-solving