Business Continuity and Organizational Resilience Lead
UK remote working.
Rate Guidance: Unfortunately no rate guidance has been provided for this role so a competitive rate is requested
An experienced business continuity and organisational resilience (BC/OR) lead is required to support Registers of Scotland's BC/OR improvement goals. This nontechnical role is required to identify and communicate our BC/OR development needs including strategy and policy, governance, process, people and culture, responding to the outcomes of audit and other assurance findings.
The Risk and Information Governance Service sits within the Corporate Services Directorate and provides risk, compliance and assurance services across our organisation. Registers of Scotland is building an increasingly mature BC/OR capability, facilitated in collaboration across our established technology teams, our Risk and Information Governance Team, and wider teams and stakeholder groups engaged in the BC/OR agenda. Our established governance groups will be a principal client for the post-holder's work, working in consultation with the Head of Enterprise Risk and other leadership colleagues. The post holder will work with existing team members and subject matter experts across the organisation to achieve the desired outcomes. RoS has established technology teams and expert capability on DR and technical resilience, across our on-prem and cloud infrastructures, and is not seeking a technology expert for this role. RoS has existing primary business continuity and departmental business continuity plans in place, and will be looking to the postholder to add value to these by improving their efficacy.
Our organisational objective is to improve upon our existing business continuity management capability to align this with our current position as a fully digital registration and information business, and with our cautious risk appetite.
We aim to achieve confidence and assurance that we have in place the appropriate capability to absorb change and uncertainty, and respond to adverse events, with minimal impact to our operational and strategic objectives.
You will define and win support for a programme of improvement, assessing our current position, identifying our improvement opportunities, defining options for delivery, and securing stakeholder buy-in. This will require you to undertake enterprise level analyses which you will use to define the strategy, policy and delivery roadmap elements as a foundation for our forward journey.
- Gap analysis and/or capability maturity assessment of RoS current BC/OR position
- High level risk analyses, business impact analyses (BIA) and business function prioritisation
- Overarching strategy, policy and/or principles to respond to these analyses
- Recommendations and options for a BC/OR improvement programme, including benefits, risks, resources and timescales
- An agreed roadmap and resourcing plan for our onward improvement journey
- A schedule of proposed testing, monitoring, reporting and assurance of BC/OR capabilities
- Coach, mentor and knowledge transfer with stakeholders at both decision making and practitioner levels
- Planning, preparation and execution of business continuity and/or cyber incident exercises and simulations
- Business continuity and incident management elements of our Information Security Management System (ISMS)
The successful candidate will have a strong understanding and background in nontechnical business continuity, and the ability to effectively collaborate, orchestrate and deliver is essential.
- FBCI or MBCI qualification from the Business Continuity Institute or equivalent
- Leading the design and implementation of Business Continuity Management Systems or equivalent, and their integration with ISMSs
- Leading a program of improvement activity to enhance and build upon existing business continuity capabilities and maturity
- Risk management practice (identification, scoring, prioritisation, etc)
- Integrating enterprise-wide non-technical business continuity solutions with technical disciplines (e.g. Disaster Recovery)
- Building business continuity capability, training and awareness
- Designing and delivering a business continuity exercise/testing programme
- Designing incident management processes and procedures
- Leading organisations through significant business continuity certification activities, such as ISO22301
- A sound background in other areas of business continuity management, including: o Crisis Management and Communication o Operational and Organisational Resilience o BC in relation to 3rd parties/suppliers o Business and Process Analysis