Operational Resilience Lead

Operational Resilience Lead – Guernsey Branch

The Operational Resilience Lead for the Guernsey Branch is a key leadership role responsible for ensuring the branch meets both global and local operational resilience requirements. Acting as the local representative of the Julius Baer Group’s Global Operational Resilience Programme, this individual will oversee the design, implementation and ongoing management of operational resilience activities tailored to the Guernsey jurisdiction, while ensuring full alignment with Group standards and regulatory expectations.

Governance & Oversight

• Serve as the Local Operational Resilience Responsible per JBG Global Operational Resilience Policy.
• Represent Local Operational Resilience with the existing Business Risk and Conduct Committee (BRCC), integrating key functions including Business Continuity Management (BCM), Information Technology (IT), Information Security (IS), Third-Party Risk Management (TPRM) and Data Management.
• Ensure effective implementation of global policies and procedures at the local level, adapting them where necessary to comply with local regulatory requirements.

Critical Function Management

• Coordinate with the local Head of IT and BCM to support and develop the identification, validation and documentation of local Critical Functions (CFs) and their associated Disruption Tolerances (DTs).
• Coordinate with local CF owners and Group to annually review and update CFs and DTs, submitting findings and recommendations for consolidation and approval.

Testing & Lifecycle Execution

• Develop and manage a multi‑year integrated testing plan for local CFs, aligned with the Group’s Operational Resilience Testing Standard.
• Plan, coordinate and execute end‑to‑end resilience tests, including business recovery and crisis management exercises.
• Prepare formal testing reports, documenting identified weaknesses, root causes and remediation plans.

Remediation & Continuous Improvement

• Track, validate and report on the progress of remediation measures for identified vulnerabilities.
• Escalate critical gaps requiring investment or cross‑functional resolution to the Local BRCC Committee and Group bodies.
• Promote a culture of proactive risk identification and continuous enhancement of recovery capabilities.

Reporting & Transparency

• Provide regular updates to the Group Operational Resilience Committee (ORCO) and Operational Risk Control (ORC) on local testing outcomes, incidents, risks and remediation status.
• Contribute to annual Group reporting submitted to the Executive Board Risk Committee (ExB RC) and Board of Directors Governance & Risk Committee (BoD GRC).

Awareness & Training

• Organise and deliver local resilience awareness programmes and training sessions for staff involved in critical processes.
• Ensure personnel with defined roles in recovery plans are fully trained and capable of executing their responsibilities during disruptions.

Cross‑Functional Collaboration

• Work closely with Information Technology Security Critical (ITSCM), IS, TPRM, Corporate Communication and business unit leaders to embed resilience across all critical domains.
• Coordinate with Zurich Head Office to leverage centralised tools, methodologies and support while maintaining local accountability.

Third‑Party Risk Management & Outsourcing

• Act as the Branch subject‑matter expert for third‑party risk management and outsourcing frameworks.
• Coordinate quarterly outsourcing and third‑party risk reporting, ensuring completeness, accuracy and timeliness.
• Chair the local Third Party / Outsourcing Sub‑Committee, driving effective oversight and challenge.
• Oversee and optimise the use of ServiceNow to support third‑party processes and reporting.

Cyber Security

• Act as the local point of coordination for cyber security matters, working closely with Group Information Security functions.
• Stay up‑to‑date with emerging cyber threats, risks, and regulatory expectations, ensuring local awareness and appropriate response.
• Facilitate and coordinate local cyber exercises, simulations and awareness initiatives.
• Engage key stakeholders across the business to strengthen cyber resilience and promote a strong security culture.

Information Security & Data Protection

• Support the implementation and ongoing maintenance of Information Security controls and practices within the Branch.
• Partner with Legal and Compliance to support local data protection obligations and regulatory requirements.
• Promote awareness and adherence to data protection standards across the Branch.
• Assist in the coordination of audits, reviews and assurance activities relating to information security and data protection.

Qualifications & Profile

• Strong stakeholder skills, able to work with and challenge people at all levels, including senior management and Group.
• Clear communicator, able to explain resilience and risk topics in a way that makes sense to the business.
• Proactive, comfortable working independently and dealing with change or unclear situations.
• Level‑headed under pressure, with good judgement when it matters.
• Easy to work with, builds good relationships and works with others to get things done.
• Strong understanding of operational resilience, outsourcing and risk frameworks, within a banking or regulated environment.
• Minimum of 5 years relevant experience.
• Experience in managing third‑party risk and outsourcing arrangements, including governance, oversight and reporting.
• Solid knowledge of business continuity and crisis management practices, including scenario testing and planning.
• Good understanding of cyber and information security principles, with the ability to engage effectively with Group functions and local stakeholders.
• Comfortable working with systems and management information, including tools such as ServiceNow, to support reporting and oversight.
• Confident in chairing committees and governance forums, able to guide discussion, provide appropriate challenge and ensure clear outcomes and accountability.