The Business Continuity and Risk Officer at Lakeland Bank will maintain the enterprise-wide Business Continuity Plan (BCP) that incorporates the Business Impact Analysis (BIA) and risk assessment. This position will train management and employees in Business Continuity concepts and roles through periodic awareness sessions and assist in documenting department recovery plans. This individual will facilitate periodic tabletop exercises, document results and track lessons learned.
The Business Continuity and Risk Officer will perform an analysis of vendor Service Organization Control (SOC) Reports. Exceptions will be noted and included in a Business Line Memo which is communicated to the Business Owner with a copy of the Client User Entity Controls (CUEC). Documentation is tracked for completion and all information is entered into the vendor management system.
Business Continuity Process:
- Meet with each department manager (32 are currently designated) to:
  - Assist with performing a Business Impact Analysis (BIA) for their department
  - Based on the result of the BIA, assist them in documenting a Recovery Plan designed specifically for their department.
- Meet once a year with each department to perform departmental BCP awareness sessions
- Using the information from all departments’ BIA documents, identify and prioritize critical operations at an enterprise level.
- Evaluate enterprise BIA assumptions, prioritize potential enterprise disruptions based upon severity, and perform a gap analysis based on past incidents
- Maintain an enterprise-wide BCP exercise program that incorporates the enterprise-wide Business Impact Analysis (BIA) and risk assessment.
- Assist Management in coordinating, facilitating and documenting annual Incident Management exercises. The lessons-learned task list will be used to update departmental recovery plans.
- Make exercise results available for review by external auditors and regulators as directed by Senior Management.
Third Party Service Organization Control (SOC) Reviews:
- Perform Operational Risk Management related to third party vendors including SOC review (currently 60 per year)
- Review any supplemental information provided by the vendor’s management
- Document third party vendor SOC results in a Business Line Memo and communicate the same to the line of business with Client User Entity Controls (CUEC)
- Track third party vendor SOC results and Client User Entity Controls (CUEC) in the vendor management system
- Based on the totality of the review, inclusive of all vendor supplied information, assign a risk level to the vendor
- Update and maintain Risk Management SOC status tracking
- Ongoing enhancement of the SOC process to ensure proper due diligence, risk assessment and monitoring
- Perform any other related duties as required or assigned
Skills and Qualifications:
- Bachelor’s degree in a related technical or business area
- Minimum of 8 years of related experience and 5 years of business continuity management responsibility
- Consistent, demonstrated performance over several years of applying and improving business continuity professional practices, including: risk evaluation and control, impact analysis, business continuity strategies, emergency response, business continuity plans, training programs, business continuity plan exercises, audit and maintenance, and crisis communications.
- Solid understanding of disaster recovery methodologies and business continuity principles.
- Must be bondable.