- Entry level
- No Education
- Salary to negotiate
PURPOSE OF THE ROLE
- Ensure that aspects of Business Protection (“BP”) including Business Continuity Management (BCM) and Information Security comply with the Group standard and local regulations (including MAS TRM Guidelines, MAS Outsourcing Notices and Guidelines, MAS BCM Guidelines).
- Implement BCM programme to ensure that all areas of Aviva can recover and continue its critical business processes in the event of a significant disruption.
- Work with business units across Aviva on implementing information security initiatives to comply with group and regulatory requirements.
- Develop and implement a robust BCM programme to address group/regulatory requirements and emerging risks.
- Conduct training / education programme to achieve full embedment of business continuity and information security awareness in the company’s culture.
- Responsible for promoting an environment where a risk management culture can flourish.
- Implement an appropriate BCM methodology and procedures (including Risk Assessment, Business Impact Analysis, Crisis Management/Business Continuity documentation, testing and awareness training) in accordance with the Group standard, local regulations and to address emerging risks.
- Lead and/or facilitate BCM exercise including guiding and engaging Crisis Management Team members in discussion in response to the crisis scenario.
- Provide business continuity and physical security inputs into Aviva’s outsourced projects and processes.
- Manage BCM reporting to Group and senior leadership team.
- Implement information security requirements across Aviva business units.
- Manage implementation of Data Loss Prevention tool to monitor outgoing confidential information sent from staff laptop/PC, email account.
- Conduct regular clear desk checks and ensure adequate processes and controls are in place to make sure the information security is of acceptable standards set by Company.
- Ensure business as usual activities for BP are performed, reported, monitored and reviewed / updated.
Effective Risk Management/Governance
- Member of the Incident Management Team in the event of a major Business Continuity or Disaster Recovery incident or crisis.
- Ensure effective BP related controls and processes are in place across business areas to ensure compliance to Group BP standard and local regulations.
- Identify risk/control gaps and propose solutions to improve the control environment relating to BCM and information security.
- Ensure key risks have been identified, measured, monitored, managed and reported.
- Established BCM framework and requirements are embedded within business processes for effective recovery of critical business operations in the event of significant disruption and compliance with Group standard and MAS BCM guidelines.
- Effective processes on Information Security are in place across business areas to ensure compliance to Group standard and local regulations.
- Data Loss Prevention tool is implemented and policies reviewed regularly to mitigate risk of loss of confidential data.
KEY PERFORMANCE INDICATORS
- Successful testing of components of the BCM programme.
- Timely development and distribution of complete and updated BCM documents.
- Good level of Business Continuity and Security Awareness and general acceptance and understanding of Business Continuity and Security throughout the Company.
- No significant findings relating to BCM processes.
- Timely implementation of Group Information Security policies and regulations, and resolution of gaps
SYSTEMS AND CONTROLS
- Conduct annual physical access review.
- Testing and review of BP Controls
- To work within budget allocated for BP related activities and/or materials.
- To implement BP initiatives in consultation with SLT and Senior Manager.
RELATIONSHIPS(INTERNAL & EXTERNAL)
- All departments, business continuity coordinators, Executive Management Team and Incident Management Team for BCM activities.
- Senior Management to ensure the support and buy-in of the BCM strategy throughout the company.
- Work with IT to implement IT initiatives to comply with group and regulatory requirements relating to BCM and information security.
- External vendors and associated third parties (e.g. for BCM, due diligence check, industry wide exercise).
- Auditors in relation to BCM and information security issues.
- University degree level or equivalent.
- Member of the Business Continuity Institute is an advantage
- At least 7-10 year experience in business continuity planning/management in the financial service industry, preferably in insurance sector.
- At least 3 year experience in risk management in the financial service industry, preferably in insurance sector.
- Experience in leading and/or facilitating BCM exercises including Industry Wide Exercise.
- Experience in conducting BCM training.
- Experience in project management role.
- Good knowledge of the principles surrounding Business Continuity Planning and Disaster Recovery.
- Good understanding of risk management framework and practices.
- Good knowledge of the Insurance operations.
- Good project management skills.
- Good communication and interpersonal skills – able to work with staff at all levels.
- Good writing skills – ability to create clear business requirements and documentation; and management reporting.
- Ability to work independently and within agreed boundaries and willing to take on new challenges.
- Good knowledge in MS Visio and all other Microsoft Office applications.
- Flexible and adaptable
About the company
We help our 33 million customers to save for the future and manage the risks of everyday life. To give these customers the best possible products and service we know we must make Aviva the most attractive choice for talented, entrepreneurial people with diverse backgrounds and an evolving range of expertise and insight.
So, we’re passionate about helping our 29,600 people to do the best work of their lives, to enable them to make a positive difference to the lives of our customers.