Business Continuity Manager at I&M Bank

Job Description

Job Purpose

The Business Continuity Manager – Second Line of Defense is responsible for providing independent oversight, governance, and challenge to the Banks’ business continuity and crisis management capabilities. As part of the Enterprise Risk Management (ERM) team, the role ensures that the first line develops and maintains robust, effective, and compliant Business Continuity Plans (BCPs), Disaster Recovery Plans (DRPs), and Crisis Management strategies.

Key Responsibilities

Governance & Framework Management

Ensure that the enterprise-wide Business Continuity Management (BCM) Policy, Framework, and Standards are compliant with relevant legislation and regulatory guidelines.
Ensure alignment between BCM and the overall enterprise risk management strategy, risk appetite, and operational resilience goals.
Define Ensure that the planning and testing requirements developed by first line are fit for purpose and monitor compliance by the first line.

Independent Oversight & Challenge

Review and challenge Business Impact Analyses (BIAs), BCPs, DRPs, and Crisis Management Plans developed by the business units.
Validate Review recovery strategies and assess alignment with Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
Provide assurance on the quality and completeness of business continuity documentation and readiness.
Testing & Assurance

Ensure that enterprise-wide testing protocols (e.g., tabletop, simulation, full interruption) are fit for purpose and compliant with legislation and regulatory requirements.
Monitor and evaluate the effectiveness of business continuity testing conducted by the first line.
Hold first line accountable for the remediation of findings and validate closure of continuity-related issues and gaps.

Training & Awareness

Evaluate the quality of training materials and awareness programs developed by first line to build business-wide resilience culture.

Crisis & Incident Support

Evaluate the performance of the Crisis Management Team during major incidents or disruptions and make recommendations first line for improvements.
Ensure crisis communications and escalation protocols follow organizational policy.
Contribute to post-incident reviews (PIRs) and recommend lessons learned and enhancements.
Metrics & Reporting

Review the performance of BCM Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) as defined by the business units and make recommendations on improvements.
Prepare regular reports to the Board of Risk Committee, and regulators.
Support internal audit, compliance reviews, and external regulatory inspections related to continuity planning.

Regulatory & External Liaison

Ensure compliance with relevant standards and frameworks, such as ISO 22301 (Business Continuity Management) and Prudential guidelines
Liaise with external auditors, assessors, and third-party vendors where BCM assurance is required.

Job Dimensions:

Key Interfaces

First Line Business Units and Process Owners
Operational Risk and ERM Colleagues
IT Disaster Recovery and Cybersecurity Teams
Facilities and Physical Security
Internal Audit and Compliance
Regulators and External Assessors
Performance Indicators

% of critical BUs with independently reviewed BCPs/BIAs
% of continuity plans tested within cycle
Closure rate of BCM audit and risk findings
Regulatory compliance ratings related to continuity
Improvements in BCM maturity assessments

Job Specifications

Academic Qualifications

Bachelor’s degree in a related field.
Demonstrated experience in second line of defense roles or governance functions.
Professional Qualifications / Membership to professional bodies/ Publication
Certification in Business Continuity or Resilience, CBCP (Certified Business Continuity Professional), MBCI (Member of the Business Continuity Institute), ISO 22301 Lead Implementer.
Understanding of IT Disaster Recovery, cyber resilience, and third-party risk management.

Work Experience Required

5+ years’ experience in Business Continuity, Operational Resilience, or Enterprise Risk Management.

Competencies:

Strong understanding of BCM and ERM frameworks and how they integrate.
Excellent analytical, critical thinking, and risk-based decision-making skills.
Ability to provide independent challenges while constructively enabling the business.
Effective communicator with strong interpersonal and stakeholder engagement skills.
Skilled in reporting, presentation, and documentation for senior leadership and regulators.