Resilience & Third Party Oversight Manager

Job Purpose:

The purpose for this role is to support the Hof Operational Resilience & Third Party Oversight and manage the direct team in both: 1) the execution/ongoing management of EAB’s Operational Resilience programme (covering both UK and EU regulatory requirements) & also 2) the oversight capabilities around Outsourcing and Third Party Risk Management.

An opportunity for a motivated individual, with an adaptable approach to work. The candidate will have the opportunity to demonstrate strong knowledge of business resilience (incl. cyber resilience), and third party oversight skills as this role offers exposure to all levels and areas of the bank.

Principle Accountabilities and Duties:

Manage and coordinate the bank’s Operational Resilience activities:

• Working directly with the business, ensure that EAB’s Important Business Services (IBSs) and associated resource mapping of critical processes remain current and are maintained over time. Ability to see products and services from a customer’s point of view.

• Ensure Digital Operational Resilience Act/DORA compliance, by coordinating the activities required across all DORA pillars: ICT Risk Management, ICT related Incident Reporting, Digital Resilience Testing, Information Sharing, ICT Third Party Risk and General Governance Principles.

• Plan and execute scenario testing by considering combinations of tests across the 5 pillars – people, technology, facilities, information/data and 3rd party/outsourced arrangements (incl. intra-group outsourcing) and beyond – engaging and collaborating with stakeholders across the organisation. Design and oversee regular testing exercises to evaluate the effectiveness of Digital Resilience and Cyber Security (in line with DORA requirements), contributing to the Bank’s overall resilience.

• Support the embedding of data management culture into the organisation (part of information/data operational resilience pillar). Understanding, interpreting and documenting the bank’s data flows in the critical processes.

• Track the remediation plans of open vulnerabilities associated with EAB’s IBSs, ensuring they stay on track for delivery. Ensure any new vulnerabilities are detected in a timely manner including by analysing past Operational Risk Events/Operational Risk Issues (OREs/ORIs).

• Provide regular MI and ensure the Operational Resilience Self-Assessment is updated in preparation for the Board approval on an annual basis or as required (given specific changes to EAB’s IBSs).

• Ensure Operational Resilience and Third-Party Risk Management tool (once implemented) is utilised effectively and efficiently within the whole organisation. Aim to continually improve the effectiveness and efficiency of the resilience function’s processes.

• Stay up to date with current developments in the industry including upcoming regulation, cyber risk landscape, technical advancements and current trends to bring relevant insights into EAB.

Manage and coordinate the bank’s Outsourcing/Third Party Risk Management oversight activities:

• Act as the main point of contact for outsourcing/third party management related queries across the organisation, including intra-group outsourcing.

• Engage in the bank’s end-to-end Outsourcing/Third-Party Risk Management processes, including due diligence reach outs and service provider’s performance monitoring in collaboration with Vendor Relationship Owners.

• Maintain the Outsourcing/Third Party Register up-to-date, ensuring EAB’s third party/outsourcing relationships are accurately captured, monitored and reported.

• Contribute to the tactical approach of understanding and bringing the relevant service providers to a certain resilience baseline, considering also DORA requirement for ICT service providers.

• Produce and present regular reporting to a range of stakeholders across the organisation and committees.

Other Overall Activities:

• Support the maintenance of internal educational materials (namely content on EAB’s Intranet and training materials) in relation to resilience and third party oversight areas.

• Provide company-wide or ad-hoc training as the SME within the resilience and third party oversight.

• Represent the third party risk management and operational resilience elements in any relevant projects as part of the Business Transformation book of work.

• Review and update the relevant policies/frameworks as per required frequency or when changes occur (considering regulatory changes).

• Successfully collaborate with all business units, operational and IT teams to drive a collaborative firm-wide approach to business resilience. Continue to build stakeholder relationships and demonstrate effective stakeholder management and conflict resolution.

Qualifications, Knowledge, Skills, Experience Required:

• Around 6 years of experience within Financial Services and/or Consultancy (familiarity with banking products and services required).

• Strong knowledge of the FCA/PRA Operational Policy Statement and EBA Outsourcing Guidelines. Understanding of EU Digital Operational Resilience Act (DORA) and EU GDPR regulation is required.

• Able to influence others and to manage junior member(s) of the team. Comfortable working independently and also as part of the wider team.

• Able to adapt to changing priorities while working under pressure to meet set deadlines.

• Thrives off learning new skills and challenging himself/herself by bringing creative solutions to the team.

• Excellent analytical skills with the ability to grasp new concepts easily and to adapt within a changing environment.

• Methodical, with keen attention to details and excellent organisational skills required for planning, reporting, problem-solving.

• Strong expertise in using Microsoft applications (including Excel, Visio). Previous experience in producing PowerPoint presentations for senior management/audiences is required.