Key Responsibilities:
As the Resilience Lead, you will own the end-to-end lifecycle of ICT continuity and cyber crisis readiness at the corporate level. Your mission is to ensure BizLink can withstand, respond to, and recover from significant digital disruptions to meet its business goals.
- Develop, implement, and maintain the corporate-level ICT Business Continuity Management System (BCMS) and Cyber Crisis Management plans in alignment with ISO 22301 and ISO 27031
- Lead comprehensive Business Impact Analyses across the organization to identify critical processes, Allowable Interruption Windows (AIWs), Maximum Tolerable Outages (MTOs), and minimum Service Level Objectives (SLOs)
- Partner with IT teams to design and validate backup/recovery strategies. Ensure that technical Disaster Recovery plans are capable of meeting RTO and RPO targets derived from business requirements
- Design, facilitate, and lead cross-functional, scenario-based Cyber War Rooms and end-to-end emergency exercises to test the effectiveness of response playbooks and implement a culture of readiness
- Assess the resilience and recovery capabilities of third-party service providers, ensuring they align with our internal RTO/RPO standards
- Act as the subject matter expert for customer audits, security questionnaires, and ISO 22301 certification efforts regarding ICT-BCP, DR, and Cyber Resilience
- Collaborate with the Information Security GRC team to ensure the organization's resilience framework meets contractual and regulatory requirements, such as NIS2
- Prepare formal resilience reports and maturity assessments of the Resilience pillar for senior leadership
Required skills & qualifications:
- Minimum of 3 years in Information Security, with a heavy focus on ICT Business Continuity and Disaster Recovery
- In-depth knowledge of international standards, specifically ISO 22301 (Business Continuity) and ISO 27031 (ICT Readiness)
- Experience managing or designing Cyber War Room environments and leading cross-functional teams through simulated or real-world incidents
- Deep understanding of modern backup technologies, immutable storage, and the architectural requirements needed to achieve aggressive RTOs/RPOs
- Ability to translate complex technical recovery concepts into business-risk language for non-technical stakeholders
- Comfortable working independently to drive a pillar of the security strategy while functioning as a cohesive member of the broader security team
- Ability to analyze business processes and identify single points of failure
- Experience navigating external audits
- Ability to evaluate technical and organizational resilience measures of external cloud and service providers
- Relevant degree in Information Security, Computer Science, or a related field
- Current holder of (or commitment to obtain) certifications such as CBCP, CISM, CISSP, or ISO 22301 Lead Implementer
