JOB IDENTIFICATION JOB TITLE: Business Continuity Officer POST LEVEL: TASK 16 DEPARTMENT: Enterprise-Wide Risk REPORTING LINE: General Manager Enterprise-Wide Risk DIVISION: Enterprise-Wide Risk LOCATION / CENTRE: Sandton CONTRACT TYPE: Full time PURPOSE OF THE JOB To develop business continuity management programs, reviewing company BCM policies and plans, and advising management on possible risks to ensure a that the organization functions in a legal and ethical manner while meeting its business goals. The mandate of Business Continuity Management Officer is to ensure an effective enterprise Business Continuity Management (BCM) governance framework that is consistent with general regulatory requirements and industry’s best practices/standards are developed, maintained and adhered to. Ensures that an auditable governance framework, consistent with general regulatory requirements for BCM across jurisdictions in which the NHFC operates, is developed, maintained, and adhered to across the Enterprise, so that the NHFC is appropriately prepared for, and can respond to unexpected disruptions to normal activities JOB DESCRIPTION Key Performance Areas Key Activities Managing Business Continuity Management Function 40% • Develop the BCM policies, frameworks, guidelines and plans linked to latest BCM guidelines and leading practice. • Developing materials at an institutional level for distribution to all employees to enhance awareness of compliance activities, including posters. • Develop corrective action plans for problematic issues and provides guidance on resolution and future prevention and mitigation. • Exercises discretion and use of independent judgement with respect to matters of significance. • Stay abreast of changes in regulation, guidance and best practices and inform management on compliance changes that may affect the organisation. • Provide guidance and assistance to management in coordinating and overseeing an effective BCM program in line with current industry best practices, regulatory guidance and requirements. • Assist various departments in evaluating policies and procedures for compliance with relevant BCM legislations and regulations. • Identifies potential areas of BCM vulnerability and risk through analysis and assessment. • Review the proposed business continuity and disaster recovery plans for design, completeness, and overall adequacy. • Monitor the effectiveness of the recovery and control of operations and recommend improvements to the SCP. • Part of a team of BCM-risk management professionals who work with senior management in all lines of business to coordinate business continuity governance activities. • Contribute to the development and maintenance of the enterprise-wide business continuity management program including development of tools and instructional guides for both businesses. • Contribute to establishing and maintaining program processes and practices which effectively ensure that the enterprise program remains current and incorporates/aligns with industry standards and practices as appropriate, and adequately covers general regulatory requirements. • Supports and/or leads processes that support NHFC BCM governance requirements as part of the enterprise operational risk framework (as assigned). • In a relationship management capacity, provides guidance and direction to stakeholders to ensure their business continuity management processes are in accordance with the NHFC’s enterprise-wide business continuity management program and quality standards. • Review of documentation, with Business Continuity Management owners, as well as the Business Process owners • Participates as independent business continuity professional in support of various • Other initiatives to achieve the risk management objectives of EWRM. • Provide subject matter expert for business continuity management. • Participates in external business continuity management organizations and keep abreast of industry best practices and trends. • Facilitate the development of a comprehensive Business Continuity Management Process Includes: • Crisis Management • Crisis Communications • Business Resumption Planning • IT Disaster Recovery Planning • Evaluate the Following: • Standards, Policies and Procedures • Relationships with External Agencies and Authorities • Training and Awareness Materials • Budgetary Documentation • Documented plans • Recovery Location/ Hot-site Contracts • Test Results • Service Level Agreements • Regulatory Requirements • Supply Chain/ Vendors and Network Key Performance Areas Key Activities whom they support (In order to better understand their expectations). Business Continuity Management implementation 40% • Implementation and management of the business continuity management (BCM) function. • Overseeing and monitoring the BCM through the development of applicable policies, frameworks and plans. • Periodic revision of BCM program in light of changes in the applicable legislation. • Overseeing and monitoring the implementation of the BCM program. • Coordinating internal BCM review and monitoring activities, including periodic reviews of departments. • Provide an annual holistic opinion on the effectiveness and adequacy of BCM, control, and governance processes. • Supports BCM management through risk identification, control testing and process improvement procedures • Aid in the improvement of tools to monitor, analyse, and report on BCM • Prepare and facilitate BCM simulation sessions • Prepare reports for senior management and external regulatory bodies as appropriate • Maintain effective practices and procedures for BCM • Identifying the lessons learned from the disaster and the recovery operations. • Periodically monitor the effectiveness of NHFC’s BCPs/DRPs to ensure the timely resumption of operations and processes after adverse circumstances reflects the current business operating environment. • Manage the development of business continuity plans (BCP). • Identification of business continuity requirements and solutions. • Identification of risks to business continuity, mitigation actions and implementation follow-up. • Manage the annual business continuity test plan. • Develop and maintain training and awareness program and collateral. • Main all administration of the BCM System. Internal Audit: • Assist with facilitating and attending Internal Audit meetings • Monitor progress against the IA plan and ensure that the IA team reports on progress quarterly and where required ensure action plans are in place to address non achievement • Ensure IA submit an annual plan and charter for approval • Ensure that the IA plan is risk based Key Performance Areas Key Activities • Keep record of and track all IA findings. Ensure that all business units respond to relevant findings • Prepare reports on IA progress Assist with strategic and operation risk management • Assist with development of operational risk registers • Assist with facilitation of operational risk assessments • Assist with risk management training • Assume management responsibility for Business contingency planning efforts with a major focus on assuring the adequacy of business unit contingency plans for critical business areas, functions and applications. • To maintain continued operations, asset protection, and loss mitigation in the event of a disruption, coordinating activities of technology resources with the company’s business units and development groups, as required. • Work with business unit management to enhance contingency plans, mitigating the effect of a technology system or application failure or problem. Key objectives are that business units can continue to manage the firm’s assets, satisfy our regulatory obligations, and maintain our presence in the marketplace. • Perform periodic reviews and tests of established Business Continuity Plans and • procedures, reporting findings to management and making recommendations for improvements as needed. Key Performance Areas Key Activities Business Continuity Management awareness and training and reporting 20% • Development, coordination and participation in routine multifaceted educational and training programs that focus on the elements of the BCM program thus striving to ensure that all appropriate employees and management are knowledgeable of, and comply with, BCM policies, procedures and plans. • Develop awareness program and material for the NHFC. • Monitor the performance of the BCM programs and related activities, taking appropriates steps to improve its effectiveness. • Developing, coordinating, and participating in a multifaceted educational and training program that focuses on the elements of the BCM program, and seeks to ensure that all appropriate employees and management are knowledgeable of, and comply with, pertinent standards. • Conduct routine and/or focused reviews of policy/procedure adherence as well as coordinating audits generated by external sources. • Oversee and monitor the activities and undertakings of BCM, consistent with the strategic direction, compliance with relevant regulations and operating objectives approved by the Board. • Implementation and management of the business continuity management (BCM) function. • Prepares and conducts BCM compliance audits. • Prepare reports for Management and the Board of Directors concerning the BCM function including scope and results of audits. • With the CEO and other members of Executive team, ensure the implementation of the strong BCM controls and report to Board in a timely manner on deviations. • Ensure the accuracy, completeness, integrity and appropriate disclosure for BCM. • Carry out any other appropriate duties and responsibilities assigned by the management. • Implementation and management of the business continuity management (BCM) function. • Ability to provide advice on regulatory requirements for BCM. • Ability to facilitate the management of BCM within the organisation. • Ability to Develop and implement BCM policy, processes and procedures. • Ability to ensure that BCM standards and procedures have been adhered to. • Ability to monitor and report on BCM • Ability to provide monthly reports on BCM. • Business Continuity Management practices and protocols, including in-depth knowledge of international BCM standards promoted by BCI and DR. and ISO • A strong understanding of Operational risk and resilience, Business Process improvement methods as well as risk related control frameworks and practices (COCO, COSO, ISO, ITIL, CMM, COBIT, etc.). • Extensive knowledge of regulations and guidance and best practices surrounding them. • Ability to work independently, as well as collaboratively within a team environment. • Ability to interact effectively with all levels of management, legal counsel, law enforcement, regulators and examiners while maintaining strict confidentiality. • Strong decision making, analytical and investigative abilities with attention to detail and accuracy. • Ability to manage the Business continuity function NHFC COMPETENCIES Job Specific Competencies: Business Continuity Management Administrative Support Analytical Skills Communication Skills Corporate Governance Financial Management Job Knowledge/Technology Monitoring & Evaluation Problem Solving Risk Management Attributes: Attention to Detail Continuous Learning & Development Initiative Professionalism Quality Management/Assurance Values and Ethics REQUIRED QUALIFICATIONS AND EXPERIENCE Qualifications Minimum Requirement: A Bachelor’s Degree in Business Continuity Management, business administration, finance, economics or related financial institution experience. certification(s) preferred. Certification: Required: Business Continuity Certified Expert or Business Continuity Certified Planner. Optional: IRMSA: Risk Management Practitioner. Membership: BCM Institute (must) and/or IRMSA Preferred Requirement: Above similar qualification Experience Minimum Requirement: 5 to 8 years of exposure to internal Business continuity /risk management. Preferred Requirement: Above experience in a similar environment
