Role Purpose
The Manager, ERM & BCM will be responsible for strengthening TIME dotCom's resilience by embedding risk management and business continuity practices across the organization. The role requires a balance of Enterprise Risk Management (30%) and Business Continuity Management (60%) responsibilities, with additional contributions to compliance and governance. The ideal candidate brings approximately 10 years of relevant experience in risk, resilience, or continuity management, and holds a recognized BCM certification (e.g., MBCI, CBCP, ISO 22301 Lead Implementer, CRMP).
Key Responsibilities:
Business Continuity Management (60%)
- Lead the development, implementation, and maintenance of the organization's Business Continuity Management System (BCMS) in alignment with ISO 22301, NCII (National Critical Information Infrastructure) guidelines, and regulatory requirements (MCMC, NACSA/NC4).
- Conduct and update Business Impact Analyses (BIA) and Risk Assessments, ensuring coverage across business units, critical systems, and third-party dependencies.
- Develop, test, and refine Crisis Management, Incident Response, and Disaster Recovery (DR) plans; coordinate simulations, tabletop exercises, and sector-wide drills.
- Partner with Technology, Operations, and Customer-facing teams to ensure robust service availability commitments and validated recovery strategies.
- Monitor and report BCM performance metrics, readiness levels, and gaps to senior management, including Chiefs and the Board Risk Committee.
Enterprise Risk Management (30%)
- Support the Head of Risk Management in implementing and enhancing the Enterprise Risk Management framework in line with ISO 31000 and COSO principles.
- Facilitate risk identification, assessment, and monitoring processes with key stakeholders across the organization.
- Contribute to the maintenance of the corporate risk register, including risk appetite alignment and mitigation tracking.
- Prepare and present regular risk reports, heatmaps, and dashboards to Management, Risk Committees, and the Board.
- Provide advisory input on risk considerations in major projects, contracts, and strategic initiatives.
Other (10%)
- Ensure effective governance, compliance, and audit readiness in relation to ERM and BCM practices.
- Stay current with industry trends, regulatory requirements, NCII/NACSA standards, and international best practices.
- Mentor and guide junior staff in risk and continuity disciplines.
Qualifications & Experience:
- Bachelor's degree in Business, Risk Management, IT, or a related field (Master's degree an advantage).
- 10 years' experience in Risk Management, Business Continuity, or related domains, ideally within the telco, financial services, or technology sectors.
- Professional certifications strongly preferred: MBCI, CBCP, CRMP, ISO 22301 Lead Implementer/Auditor, or equivalent.
- Strong knowledge of ISO 22301, ISO 31000, ISO 27001, NCII/NACSA guidelines, and local regulatory requirements (MCMC, NC4).
- Demonstrated experience in leading BIA, DR exercises, crisis simulations, and risk workshops.
- Excellent analytical, facilitation, and stakeholder management skills, with the ability to communicate effectively at all organizational levels.
Competencies:
- Strategic thinker with the ability to translate risk and continuity concepts into actionable programs.
- Strong interpersonal and influencing skills to drive cross-functional collaboration.
- High resilience and adaptability in handling crises or disruptions.
- Detail-oriented with strong analytical and reporting capabilities.