2 Continuity Management Jobs

The Lead Technologist supports the technical infrastructure required to supply IT services to the bank. They are involved in the strategy, design, development, and deployment of IT solutions. They are able to troubleshoot complex issues, being aware of overlapping and different technology areas. Based on their business knowledge, they are able to identify where IT designs can be strengthened and provide value to the businesses. They are responsible for providing detailed technical feedback into the Engineering function to deliver more robust IT solutions. They understand in detail, how IT needs to be supported and can create appropriate processes and controls which ensure IT failings are captured and remediated to ensure stability. They provide technical direction on all related IT platforms and are considered technical experts for level 3 support in outage coordination. The Lead Technologist is counted upon to provide technical guidance and recommendations for complicated business IT problems. They embrace a Continuous Service Improvement approach to drive efficiencies and remove repetition to streamline support activities, reduce risk, and improve system availability. The successful candidate is expected to have at least 12-15 years experience in IT, preferably with Asset Management Business Applications and Processes. The IT Application Owner (ITAO) has sound IT risk management skills. They follow one of several possible service delivery approaches, acknowledge interference with the IT applications life cycle and assist with incorporating the adopted approach into best practice. The focus is on applications moving onto cloud. Here you support tracking of the application control status and help application dev-teams with practical advice. Make sure that all steps in Identity & Access Management cycle (on-boarding, recertification, off-boarding) are compliant against DB Policies and application is on-boarded to central tools. The ITAO is aware of the gap in the current infrastructure solutions and where industry innovations are along the maturity lifecycle. They work with application stakeholders to improve the infrastructure, ensuring compliance with the technical roadmap. The ITAO has a sound knowledge of development methodologies and the IT policies necessary to perform effectively in the organisation, aligned to the banks appetite for risk. The ITAO acts to improve safety and security of the application, compliance with regulations, policies and standards, enhance operational readiness, and ease maintenance of the environment for delivering change into production. The ITAO supports the banks audit function in the remediation of audit points and self-identified issues in order to reduce risk. The ITAO is responsible for producing and maintaining accurate documentation on compliance with methodologies, IT policies and IT security requirements. The ITAO interacts with and influences colleagues on the governance of IT platform reliability and resilience ITAOs will also be responsible for Application Decommissioning ITAOs will be driving activity that helps incidents reduction against an application Support compliance on all steps of SDLC process and make sure that all SDLC controls are green. You support the teams role as key contact for all security controls in the software delivery process and ensure that the security controls are evidenced by driving automated evidence. You are consulting with the ITAO community, information security specialists in our CSO organization, and other infrastructure teams like the ORR/SDLC teams. Your key responsibilities Enterprise IT Governance: Responsible for review of current and proposed information systems for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies) and adherence to overall strategy Information security : Communicates information security risks and issues to business managers and others. Performs basic risk assessments for small information systems. Contributes to vulnerability assessments. Applies and maintains specific security controls as required by organisational policy and local risk assessments. Investigates suspected attacks. Responds to security breaches in line with security policy and records the incidents and action taken. Information content publishing : Understands technical publication concepts, tools and methods and the way in which these are used. Uses agreed procedures to publish content. Obtains and analyses usage data and presents it effectively. Understands, and applies principles of usability and accessibility to published information. Business risk management : Investigates and reports on hazards and potential risk events within a specific function or business area. Continuity management : Implements and contributes to the development of a continuity management plan. Coordinates the assessment of risks to the availability, integrity and confidentiality of systems that support critical business processes. Coordinates the planning, designing, and testing of maintenance procedures and contingency plans. Data management : Assists in providing accessibility, retrievability, security and protection of data in an ethical manner. Methods and tools : Provide support on the use of existing method and tools. Configures methods and tools within a known context. Creates and updates the documentation of methods and tools Overall Responsibilities Summary: Make sure that all critical activities in application are monitored and logs are reviewed. Ensure appropriate controls onboarded and implemented where appropriate. Make sure that all steps in Identity & Access Management cycle (on-boarding, recertification, off-boarding) are compliant against DB Policies and application is on-boarded to central tools. Manage Internal and external application audits and Audit issue remediation activities. Completion of regular/recurring assessments Timely response to audit & regulatory requirements with evidence, were compliant. Make sure that infrastructure is compliant and has up-to-date patches. Plan for Application Hardware Software License upgrades or migration activities to align to the compliant platforms. Keep up-to-date DR Test Plan and manage regular DR Tests Manage application capacity forecasting and monitoring. Manage any IT Security incidents that may occur in the application. Support compliance on all steps of SDLC process and make sure that all SDLC controls are green. Application Decommissioning Drive incidents reduction against an application Planning/Organizing: Able to manage work but also to make the estimate, scheme in detail, work on deployment plans and manage deadlines. Manage the technical roadmap of the application (technology roadmap compliance), estimate/budget capacity needed. Expertise in Planning and execution of Releases, Changes, Patches. Exposure of handling L3 role, incident analysis, patch preparation and implementation. Skilled individual to interact with L2 teams for incident and problem management cases. The candidate will typically have a rather limited technical hands on involvement. A high-level understanding on the products/technologies below is welcomed: Databases; Application/web servers (like J2EE based, especially JBoss, Tomcat, WebLogic Server, Apache) Management of security certificates. Unix servers very basic administration Microservices and SOA Communication and encryption protocols (mainly HTTP(S), SSL) Networking (firewalls, load balancers, etc) High Availability Architecture. GCP Google Cloud Platform management Your skills and experience Degree-level IT and/or information security qualification, or equivalent experience in Information Security and IT Security Experience in Software Development Lifecycle (SDLC) - from idea to production to understand our customer journey, these mostly application owners, business ISOs and development teams GCP-Cloud foundation knowledge General understanding of current security industry standards, best practices, and/or frameworks i.e.: NIST, ENISA, ISO27001, OWASP Problem-solving and analyticalskills with the ability to oversee complex processes Ability to educate a technical and non-technical audience about varioussecuritymeasure Excellent communications skills and very service oriented and customer friendly behaviour even in stressful situations Self-driven behaviour Fluent in English (written/verbal) Preferable Knowledgeofinformation securitytools e.g., security scan and testing tools Understanding of cloud engineering and native security features to support the migration path for applications onto the cloud environment Firm understanding of DevSecOps and the banks shift left agenda to integrate security in the software development lifecycle as earliest as possible. ISO or ITAO certification (for internals only)

This role sits within the global HSSE team that centrally supports the four regions, taking into consideration the scale of each site and the risks that need to be mitigated. Within each region there are local HSSE advisors, that work closely with the central HSSE team in the subjects of Cyber and C&CM. The global HSSE team are the conduit between group HSE&C and the frontline regional teams, providing the strategic direction and tools to deliver safe, reliable and compliant operations. Within the global HSSE team, the Cyber Security and Crisis &Continuity Manager will play a pivotal role in developing the processes required for the business to ensure that we are Cyber and C&CM compliant. Future proofing these processes to set the business up for success. This will be delivered inline with the business and group HSE&C strategy to assist delivery of safe, reliable and compliant operations globally. Relationship management: Group Cyber & C&CM subject matter experts and regional HSSE advisors Prioritization: Evaluate group requirements and work with key stakeholders (frontline Air bp through to other bp businesses) to create fit for purpose guidance/process/training to ensure compliance across all levels of the business. Crisis and Continuity Management: Evaluate business requirements globally, design and implement business continuity and recovery plans and ensure success from frontline to entity level Governance: Development of Cyber and C&CM metrics insights for key governance meetings Communications: Development of key Cyber and C&CM communications and training materials Regulatory & Risk compliance: Design and implement new Cyber and C&CM process across global business, lead verification and risk processes Verification: Lead development and verification of a global Cyber and C&CM audit process Global cyber lead that interacts and leads oversight of PCN accountabilities of regional cyber leads Leads operational technology (OT) security of our 14 high risk sites with regional cyber leads Ownership and management of key PCN processes and standards Lead updates of continuity plans for a digital cyber attack at high risk sites Develops, updates and verifies cyber security risk assessment, bowtie and barriers. Tests barriers Work closely with regional cyber ambassadors to understand strength of cyber security barriers Monitor cyber barometer and support LT to improve cyber behaviours. Create insights Lead business continuity plans for business liaising with IT on DR. Optimise business continuity and report to LT on any risks. Work with IT to develop business cases to improve business continuity Lead continuity planning and testing of critical global systems with the Digital Senior Manager, including ensuring robust backup plans and systems are in place Maintain relationship with regional C&CM managers and create cyber security scenarios that the regional C&CM managers can use in their planned ER/IMT and BST exercises. Support these as needed and respond to lessons learned Education : Bachelor's degree or equivalent experience in science/engineering/HSSE related technical subject area Experience Experience in Cyber, Crisis and continuity management/ HSSE&Q/operations/engineering roles Good communication, time management, people management, coaching/training and team working skills Experience of working as part of a team to deliver key initiatives/projects Good networking and influencing skills, as well as ability to incorporate feedback from the frontline Self starter and ability to prioritise workload based on risk Desirable to have investigation experience Desirable but not necessary to have experience & knowledge of distributed businesses and/or the Aviation Industry. Skills & Competencies Desirable to have some of the following technical skills: Operational safety Regulatory compliance Crisis and continuity management Cyber analytics You will work with - This role sits within the global HSSE team that centrally supports the four regions, taking into consideration the scale of each site and the risks that need to be mitigated. Within each region there are local HSSE advisors, that work closely with the central HSSE team on Cyber and Crisis and Continuity Management. The global HSSE team are the conduit between group HSE&C and the frontline regional teams, providing the strategic direction and tools to delivery safe, reliable and compliant operations. Our team is collaborative, fast paced and exciting to work with. We are open to new ideas and ways of working to help us continually improve.