Exciting opportunity for a Business Resilience SME with Energy/Commodity Trading experience to join a world-leading Energy Trading company.
Please note: this is not a technical role and the team are looking for a Business-facing Disaster Recovery/Business Resilience SME with Energy/Commodity Trading experience to be able to understand the requirements of the business/Traders.
The Cyber Resilience Project is a business-led, multi-year transformation programme to ensure Trading & Supply can respond to and recover from a high-impact, prolonged cyber attack, recognising that the risk of such an event is beyond T&S’s risk appetite.
It is intentionally not an IT-led cyber security initiative. Instead, it focuses on business continuity, minimum viable operations, technology recovery sequencing, and workforce readiness, with the IT department engaged in a supporting role.
At a minimum, the question is what the business teams need in order to continue trading in the event of a cyber attack. Each Line of Business is establishing its minimum viable requirements (process, tools, people, technology) and will then implement them.
The programme is positioned as business owned, with IT involved only after business requirements, risk appetite and minimum viable requirements insights are defined. Minimum viable requirements translate into MVC – Minimum viable company.
Programme Scope:
• Minimum Viable Company (MVC) definition per Line of Business
• Identification of critical processes, applications, infrastructure
• Recovery sequencing and acceptable downtime
• Business Continuity & Manual Workarounds
• Cyber Response Playbooks
• Technology recovery options
• Workforce readiness (“Cyber Ready Workforce”)
Each LoB is at a different stage of the project lifecycle. Some are in execute and others in assess or define.
What is important is that the team do not need technology experts such as cyber security specialists, cyber engineers or tech experts. We need people who have practical cyber and resilience expertise and can work with the business to help them determine their risk appetite and minimum viable requirements. The team do not need people to “make the technology” more resilient and secure – the internal IT teams will do that.
Roles & Responsibilities:
• Responsible for providing dedicated cyber resilience support to the area they are assigned to
• Provide cyber informed assurance that Line of Business resilience deliverables meet required scope, quality, and central programme standards
• Apply practical cyber and resilience expertise to work with the business to help them determine their risk appetite and minimum viable requirements
• Apply practical cyber and resilience expertise to guide solutioning of playbooks, critical actions, and viable manual or alternative workarounds
• Enable delivery through hands on support, templates, guidance, workshops and stakeholder engagement tailored to the Line of Business
• Surface risks, gaps and delivery bottlenecks early, acting as a conduit between the Line of Business, Business Resilience Lead and central programme team
• Accountable to the central programme Business Resilience SME. Ensures LoB approach and deliverables are in line with guidance and expectations of the central programme
• Provides practical and tailored sound-boarding guidance to the LoB and their Leadership when solutioning items such as critical actions to include in playbooks
• Support with local resilience readiness and cyber considerations for critical processes and solutioning of suitable alternative workarounds
• Surface risks and bottlenecks to their Project Manager and Focal before they become programme issues by being a conduit back into the central team
…
