Director, Cyber Resiliency, Business Continuity & Disaster Recovery

Position Title

Director, Cyber Resiliency, Business Continuity & Disaster Recovery

Location

Hicksville / 102 Duffy Avenue / 3797

Job Summary

The Director of Cyber Resiliency, Business Continuity, and Disaster Recovery will lead and oversee the institution's strategies to ensure the resilience and continuity of business operations in the event of cyber threats, major system outages, or disasters.

The successful candidate will be responsible for developing, implementing, and maintaining comprehensive plans that minimize risks and ensure rapid recovery and continuity of critical business functions.

Additionally, the Director will manage a team of Business Continuity Planning (BCP) and Disaster Recovery (DR) staff.

This role will work in conjunction with IT senior management to develop the strategy and direction of the cyber resilience, business continuity, and disaster recovery program for Information Technology and the overall bank.

They will ensure BCP / DR plans comply with relevant regulatory requirements and industry standards and ensure that external service providers meet the bank's recovery requirements and standards.

This director leads a team that ensures effective risk management and escalation of issues to IT senior leaders. The director will partner with IT risk and security teammates as well as IT leaders to conduct testing of resiliency plans, business continuity and disaster recovery plans, execution of scenario testing for ransomware, extortion, failure facilities, datacenter operations, or business disruption due to natural, environmental, or manmade threats.

Pay Range : $126,000.00 - $190,000.00 - $254,000.00

Job Responsibilities :

• Develop and implement a strategic roadmap for cyber resiliency, business continuity, and disaster recovery; lead the creation, maintenance, and testing of business continuity and disaster recovery plans;
• align the institution's cyber resiliency strategy with overall business objectives and regulatory requirements; manage and mentor a team of BCP and DR staff, providing guidance, performance feedback, and professional development opportunities;

assign tasks and projects to team members, ensuring alignment with departmental goals and priorities; and foster a collaborative and high-performance team culture.

Assist with career development and enhancement of the team. Responsible for talent management functions including employment, performance evaluations, staff development / training, disciplinary actions, succession planning and ensuring all staff comply with compliance requirements.

• Ensure that recovery plans are up-to-date, effective, and aligned with business needs; coordinate with IT and business units to validate and test recovery procedures;
• partner with the Security Operations and Incident Response teams to support incident response efforts; oversee scenario testing for ransomware and extortion attacks, ensuring preparedness and effective response;

develop and execute simulation exercises to test the effectiveness of incident response and recovery plans; provide support during actual incidents, ensuring swift resolution and minimal impact.

• Ensure that data backups are immutable and air-gapped to protect against cyber threats; develop and maintain strategies for data restoration in alignment with business requirements and recovery time objectives (RTO);
• regularly test backup and recovery processes to ensure data can be restored in a timely and efficient manner; plan and execute disaster recovery (DR) testing at both the datacenter and application levels;

conduct regular failover and fallback testing to ensure systems can be recovered and restored effectively; document and report on the results of DR tests, identifying areas for improvement and implementing corrective actions.

• Stay current with emerging threats, trends, and best practices in cybersecurity, business continuity, and disaster recovery;
• identify opportunities for process improvements and implement changes to enhance resiliency capabilities; benchmark the institution's practices against industry standards and peer organizations;

maintain and report operational and board level KRIs and adjust program accordingly based on thematic trends and patterns.

• Performs special projects and additional duties and responsibilities as required.
• Consistently adheres to regulatory and compliance policies and standards linked to the job as listed and complete required compliance trainings.

Accountable to maintain compliance with applicable federal, state and local laws and regulations.

Job Requirements :

• Undergraduate Degree (4 years or equivalent) in Information Security, Computer Science or related field required.
• Masters Degree preferred.
• CISSP certifications preferred
• 7+ Years of overall IT experience with a minimum of 5+ years in cyber resiliency, business continuity, and disaster recovery required.
• Certified Business Continuity Professional (CBCP), or Master Business Continuity Professional (MBCP) is preferred
• Extensive experience in building and managing comprehensive cyber resiliency and disaster recovery programs.
• Proven track record in developing, implementing, and testing business continuity and disaster recovery plans.
• Demonstrated experience in managing regulatory compliance and ensuring alignment with industry standards (e.g., FFIEC, NIST, ISO,DRII, and BCI).
• Experience in conducting risk assessments and developing mitigation strategies.
• Hands-on experience with data protection strategies, including ensuring data backups are immutable and air-gapped.
• Experience in overseeing scenario testing for ransomware and extortion attacks.
• Skill in managing relationships with stakeholders, including senior management, IT teams, and external auditors.
• Excellent verbal and written communication skills to convey complex resiliency, continuity, and availability risk concepts to non-technical stakeholders.
• Ability to negotiate and influence stakeholders to implement necessary risk management measures.
• Experience in fostering collaboration and teamwork across departments to resiliency and continuity management goals.
• Sound judgment and decision-making skills to make timely and informed risk management decisions.
• Experience in managing cyber resiliency, business continuity, and disaster recovery testing projects and initiatives from inception to completion.
• Skill in developing comprehensive cyber resiliency, business continuity, and disaster recovery programs aligned with organizational strategy.
• Continual learning and professional development to stay updated on emerging IT, cyber and availability risks and industry trends.
• Ability to recruit, develop, and retain skilled cyber resiliency, business continuity, and disaster recovery professionals.
• Ability to innovate and implement new approaches to mitigate emerging cyber resiliency, business continuity, and disaster recovery risks.
• Essential travel as required
• Physical demands (ADA) : No unusual physical exertion is involved.
8 hours ago