Business Continuity Manager at I&M Bank

I&M Bank

  • Kenya
  • Permanent
  • Full-time
  • 16 days ago
I&M Bank is a wholly owned subsidiary of I&M Holdings Limited, a publicly quoted company at the Nairobi Securities Exchange (NSE). The bank possesses a rich heritage in banking.Business Continuity ManagerJob Purpose
  • The Business Continuity Manager - Second Line of Defense is responsible for providing independent oversight, governance, and challenge to the Banks' business continuity and crisis management capabilities. As part of the Enterprise Risk Management (ERM) team, the role ensures that the first line develops and maintains robust, effective, and compliant Business Continuity Plans (BCPs), Disaster Recovery Plans (DRPs), and Crisis Management strategies.
Key ResponsibilitiesGovernance & Framework Management
  • Ensure that the enterprise-wide Business Continuity Management (BCM) Policy, Framework, and Standards are compliant with relevant legislation and regulatory guidelines.
  • Ensure alignment between BCM and the overall enterprise risk management strategy, risk appetite, and operational resilience goals.
  • Define Ensure that the planning and testing requirements developed by first line are fit for purpose and monitor compliance by the first line.
Independent Oversight & Challenge
  • Review and challenge Business Impact Analyses (BIAs), BCPs, DRPs, and Crisis Management Plans developed by the business units.
  • Validate Review recovery strategies and assess alignment with Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
  • Provide assurance on the quality and completeness of business continuity documentation and readiness.
Testing & Assurance
  • Ensure that enterprise-wide testing protocols (e.g., tabletop, simulation, full interruption) are fit for purpose and compliant with legislation and regulatory requirements.
  • Monitor and evaluate the effectiveness of business continuity testing conducted by the first line.
  • Hold first line accountable for the remediation of findings and validate closure of continuity-related issues and gaps.
Training & Awareness
  • Evaluate the quality of training materials and awareness programs developed by first line to build business-wide resilience culture.
Crisis & Incident Support
  • Evaluate the performance of the Crisis Management Team during major incidents or disruptions and make recommendations first line for improvements.
  • Ensure crisis communications and escalation protocols follow organizational policy.
  • Contribute to post-incident reviews (PIRs) and recommend lessons learned and enhancements.
Metrics & Reporting
  • Review the performance of BCM Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) as defined by the business units and make recommendations on improvements.
  • Prepare regular reports to the Board of Risk Committee, and regulators.
  • Support internal audit, compliance reviews, and external regulatory inspections related to continuity planning.
Regulatory & External Liaison
  • Ensure compliance with relevant standards and frameworks, such as ISO 22301 (Business Continuity Management) and Prudential guidelines
  • Liaise with external auditors, assessors, and third-party vendors where BCM assurance is required.
Job Dimensions:Key Interfaces
  • First Line Business Units and Process Owners
  • Operational Risk and ERM Colleagues
  • IT Disaster Recovery and Cybersecurity Teams
  • Facilities and Physical Security
  • Internal Audit and Compliance
  • Regulators and External Assessors
Performance Indicators
  • % of critical BUs with independently reviewed BCPs/BIAs
  • % of continuity plans tested within cycle
  • Closure rate of BCM audit and risk findings
  • Regulatory compliance ratings related to continuity
  • Improvements in BCM maturity assessments
Job SpecificationsAcademic Qualifications
  • Bachelor's degree in a related field.
  • Demonstrated experience in second line of defense roles or governance functions.
  • Professional Qualifications / Membership to professional bodies/ Publication
  • Certification in Business Continuity or Resilience, CBCP (Certified Business Continuity Professional), MBCI (Member of the Business Continuity Institute), ISO 22301 Lead Implementer.
  • Understanding of IT Disaster Recovery, cyber resilience, and third-party risk management.
Work Experience Required
  • 5+ years’ experience in Business Continuity, Operational Resilience, or Enterprise Risk Management.
Competencies:
  • Strong understanding of BCM and ERM frameworks and how they integrate.
  • Excellent analytical, critical thinking, and risk-based decision-making skills.
  • Ability to provide independent challenges while constructively enabling the business.
  • Effective communicator with strong interpersonal and stakeholder engagement skills.
  • Skilled in reporting, presentation, and documentation for senior leadership and regulators.
Don't Keep Share!:

Jobs in Kenya