Governance Risk And Assurance [Head of Cyber Incident Management]
Posted a month ago
- Guildford, Surrey
- Any
- External
- Expires In 2 months
About the Role
We have a new opportunity within Protection and Resilience as Head of Cyber Incident Management, this is a key role within the Operational Resilience Team, where you'll be responsible for ensuring the organisation's ability to respond effectively to disruptions directly to our organisation or the supplier chain relating to a cyber event.
You'll ensure that appropriate cyber related incident and crisis management playbooks exist and are maintained, whilst continually improving the approach to cyber crisis and incident management across AZH, including taking the lead on playbook execution for specific crises or incidents.
Working closely with the Head of Business Continuity Management and the Crisis and Incident Manager to ensure that the design and execution of a multi-year test plan covers key cyber aspects and proactively assesses and validates the operational resilience across AZH.
You'll be responsible for providing an overview of cyber related operational resilience lessons learnt across AZH, including reporting on lessons learnt, and assessing whether insights gained are being embraced by, and implemented into the 1st line and into related functions.
Key Responsibilities
Incident and Crisis Management
Managing and leading cyber security crises including within the business’s supply chain, ensuring proper assessment, containment, mitigation and documentation in a complex global enterprise
Implementing breach response best practices and upkeep of cyber incident response plans, standard operating procedures and cyber incident response playbooks, ensuring these are communicated and understood throughout the business, and that relevant individuals are suitably trained to execute their role in incidents or crises
Initiating Cyber Forensics and digital investigation requirements to support response and recovery process as needed
Maintaining detailed tracking plans of all internal/external outcomes/recommendations and providing support through to implementation
Identifying trends from cyber incidents and proposing improvements to address any weaknesses
Working closely with Information Security and IT teams to improve cyber related to controls
Cyber Resilience Testing
Defining and agreeing a strategy for how to use testing to demonstrate cyber resilience and/or identify vulnerabilities, including how to prioritise how and when to test different IBSs and business assets
Building, developing and refining a cyber scenario library that summarises a range of severe but plausible scenarios that can be used for testing purposes
Contributing to the development of the multi-year resilience testing plan, including disaster recovery testing, based on the strategy
Facilitating regular cyber testing and exercises to validate the effectiveness of the business continuity plans, evaluating the results, identifying areas for improvement, and updating the plans accordingly
Ensuring disaster recovery testing complements and supports the multi-year scenario test plan to ensure full resilience testing is undertaken
Operational Resilience Lessons Learnt
Creating a central summary of key insights and lessons learnt from tests and incidents from across the business, ensuring these are being embedded into business operations and activities and reporting to AZH Board
Governance and Reporting
Establishing key performance indicators (KPIs) and metrics to measure the effectiveness of the business continuity, incident management and testing programmes from a cyber perspective, regularly monitoring and reporting on these metrics to senior management, highlighting areas for improvement and recommending corrective actions
Alignment and engagement
Build strong relationships with key stakeholders across the organisation, including senior executives, department heads, and business unit leaders, ensuring their business continuity needs are understood and incorporated into the overall program
Maintaining links with Risk, Compliance, Information Security and ITSCM functions in particular in order to align activities with key business risks and risk processes and reporting
Collaborating with external partners, regulatory bodies, and industry peers to share knowledge, benchmark performance, and stay informed about emerging trends and regulations in business continuity management, incident management and testing.
#J-18808-Ljbffr
We have a new opportunity within Protection and Resilience as Head of Cyber Incident Management, this is a key role within the Operational Resilience Team, where you'll be responsible for ensuring the organisation's ability to respond effectively to disruptions directly to our organisation or the supplier chain relating to a cyber event.
You'll ensure that appropriate cyber related incident and crisis management playbooks exist and are maintained, whilst continually improving the approach to cyber crisis and incident management across AZH, including taking the lead on playbook execution for specific crises or incidents.
Working closely with the Head of Business Continuity Management and the Crisis and Incident Manager to ensure that the design and execution of a multi-year test plan covers key cyber aspects and proactively assesses and validates the operational resilience across AZH.
You'll be responsible for providing an overview of cyber related operational resilience lessons learnt across AZH, including reporting on lessons learnt, and assessing whether insights gained are being embraced by, and implemented into the 1st line and into related functions.
Key Responsibilities
Incident and Crisis Management
Managing and leading cyber security crises including within the business’s supply chain, ensuring proper assessment, containment, mitigation and documentation in a complex global enterprise
Implementing breach response best practices and upkeep of cyber incident response plans, standard operating procedures and cyber incident response playbooks, ensuring these are communicated and understood throughout the business, and that relevant individuals are suitably trained to execute their role in incidents or crises
Initiating Cyber Forensics and digital investigation requirements to support response and recovery process as needed
Maintaining detailed tracking plans of all internal/external outcomes/recommendations and providing support through to implementation
Identifying trends from cyber incidents and proposing improvements to address any weaknesses
Working closely with Information Security and IT teams to improve cyber related to controls
Cyber Resilience Testing
Defining and agreeing a strategy for how to use testing to demonstrate cyber resilience and/or identify vulnerabilities, including how to prioritise how and when to test different IBSs and business assets
Building, developing and refining a cyber scenario library that summarises a range of severe but plausible scenarios that can be used for testing purposes
Contributing to the development of the multi-year resilience testing plan, including disaster recovery testing, based on the strategy
Facilitating regular cyber testing and exercises to validate the effectiveness of the business continuity plans, evaluating the results, identifying areas for improvement, and updating the plans accordingly
Ensuring disaster recovery testing complements and supports the multi-year scenario test plan to ensure full resilience testing is undertaken
Operational Resilience Lessons Learnt
Creating a central summary of key insights and lessons learnt from tests and incidents from across the business, ensuring these are being embedded into business operations and activities and reporting to AZH Board
Governance and Reporting
Establishing key performance indicators (KPIs) and metrics to measure the effectiveness of the business continuity, incident management and testing programmes from a cyber perspective, regularly monitoring and reporting on these metrics to senior management, highlighting areas for improvement and recommending corrective actions
Alignment and engagement
Build strong relationships with key stakeholders across the organisation, including senior executives, department heads, and business unit leaders, ensuring their business continuity needs are understood and incorporated into the overall program
Maintaining links with Risk, Compliance, Information Security and ITSCM functions in particular in order to align activities with key business risks and risk processes and reporting
Collaborating with external partners, regulatory bodies, and industry peers to share knowledge, benchmark performance, and stay informed about emerging trends and regulations in business continuity management, incident management and testing.
#J-18808-Ljbffr
.webp "Apply4U | Sign Up")
.webp "Apply4U | Contact Us")
.webp "Apply4U | Sign up")
