Head: Resilience Risk - Business Banking

The Head of Resilience Risk is responsible for coordinating, embedding, and overseeing the implementation of the Operational and Resilience Risk Management Framework (ORRMF) and Enterprise Risk Management Framework (ERMF) and its supporting policies and standards across Business Banking (BB), from the second line of defence.

Resilience Risk encompasses the risk of disruption to business operations, including but not limited to technology failure, information security compromise, data loss or impairment, unavailability of premises or infrastructure, ineffective disaster recovery, and inappropriate technology or change execution.

The role provides second line independent oversight, challenge, and thought leadership across all Resilience sub risk types, ensuring that effective governance, risk management discipline, and assurance are consistently applied across BB through the development and implementation of an appropriate resilience risk strategy.

• Own and maintain the BB Resilience Risk management approach aligned to the ERMF and ORRMF
• Establish and maintain BB-wide protocols, standards, and guidance to support consistent implementation of Group policies and standards
• Define, document, and communicate an annual Resilience Risk management plan for BB
• Oversee the quality, consistency, and effectiveness of framework application across Business Units
• Provide independent oversight, challenge, and advice on the management of Resilience Risk
• Oversee and provide guidance on the effective execution of core Resilience Risk processes
• Perform independent monitoring, check and challenge of first line Resilience Risk practices
• Lead BB Scenario Analysis and Capital Assessment processes for Resilience Risk
• Develop and maintain an annual BB Resilience Risk ongoing monitoring and combined assurance plan
• Establish effective engagement models between BB, Group Risk, and functional stakeholders

• Bachelor’s Degree in IT, Information Systems, Risk Management, or related discipline
• Postgraduate qualifications advantageous
• Minimum 10 years’ experience in Resilience risk types, primarily Technology, Information Security and Cyber risk, Data and Records Management risk, and Change risk
• At least 5 years’ experience at an Executive leadership level
• Strong knowledge of IT Risk, resilience risk, and relevant ISO/industry standards and regulatory frameworks
• Experience in risk governance, senior management forums, and assurance activities
• Third party risk, Change management and Business Continuity experience advantageous
• IT Audit exposure advantageous
• Professional memberships advantageous