Operational Resilience and DORA Specialist (SMEs)
Position Overview:
I am working on behalf of Protiviti to identify and engage multiple interim Operational Resilience and DORA subject matter experts to support the delivery of Operational Resilience and DORA projects across Financial Services.
I am looking for proven hands-on delivery capability across the 1st and 2nd LoD (or 1.5 LoD), rather than pure BA/PM skillsets.
The Operational Resilience and DORA Specialists will oversee the organisation's compliance with the Digital Operational Resilience Act (DORA) and drive strategies to enhance operational resilience. This includes managing Third-Party Risk Management (TPRM), Exit Strategy Planning, Impact-Based Scenarios (IBS), and rigorous testing protocols to mitigate risks and maintain continuity.
Key Responsibilities:
1. Operational Resilience Implementation:
- Develop and implement the operational resilience framework in alignment with DORA requirements and industry best practices.
- Identify important business services and map their dependencies on IT systems, third parties, and internal processes.
- Collaborate with cross-functional teams to define and execute resilience strategies.
2. DORA Compliance:
- Ensure compliance with DORA requirements, including ICT risk management, incident reporting, and oversight of ICT third-party service providers.
- Maintain a repository of DORA-mandated documentation, including resilience strategies, risk assessments, and testing results.
- Coordinate with legal and compliance teams to stay updated on evolving regulatory expectations.
3. Third-Party Risk Management (TPRM):
- Manage third-party risk assessments, ensuring service providers meet resilience and security standards.
- Conduct due diligence on critical third-party vendors, focusing on financial stability, ICT security, and incident management capabilities.
- Regularly review and update third-party contracts to include resilience requirements such as testing participation, SLAs, and exit provisions.
4. Exit Strategy Planning:
- Develop robust exit strategies for third-party services (including cloud providers) to ensure continuity during disruptions or vendor offboarding.
- Establish plans for data migration, service transition, and mitigation of operational impacts during service provider transitions.
- Test exit strategies periodically to identify gaps and refine processes.
5. Impact-Based Scenarios (IBS):
- Design and implement impact-based testing scenarios simulating operational disruptions.
- Analyse IBS results to assess preparedness and inform improvements to the resilience framework.
- Coordinate IBS exercises with stakeholders, including third parties, to validate resilience strategies.
6. Testing and Assurance:
- Develop and execute operational resilience testing plans, including penetration testing, disaster recovery testing, and business continuity exercises.
- Monitor results and create action plans to address identified weaknesses.
- Ensure alignment of testing practices with DORA and industry standards.
7. Incident Management and Reporting:
- Establish a robust incident management framework to address ICT-related disruptions.
- Lead post-incident reviews and ensure timely submission of reports to regulators as required by DORA.
- Develop dashboards and metrics to track and report on resilience performance.
Required Skills:
- Proven experience in operational resilience and DORA.
- Familiarity with regulatory frameworks.
- Experience with TPRM, IBS design, and exit strategy planning.
- Strong analytical and problem-solving skills.
- Excellent communication and stakeholder management abilities.