Summary of day-to-day responsibilities:

• Cyber & Resilience Exercise planners are key components in the organization’s strategy to improve cyber and operational preparedness and reduce risk.
• Cyber Exercise Planners contribute to the training and coordination between various cyber security and technology organizations and the Bank’s lines of business.
• Exercise Planners design, develop, facilitate, and evaluate cyber exercises, working with various technology and cyber security defense teams as well as Business Information Security Officers.
• Exercise planners work to formally assess the current level of resilience for applications hosted within bank and hosted/provided via third parties using a standardized methodology and framework and identify cyber risks, design threat scenarios, identify key stakeholders and participants, and execute the exercise against the planned scenarios.
• Exercises range from discussion-based to operations-based exercises, to include range-based exercises.
• Planners will be expected to work in a dynamic, fast-paced environment to design multiple exercises on a yearly plan.
• Planners will receive broad exposure across multiple organizational units and levels of leadership.
• Applicants should have a proven track record of being able to navigate successfully across organizational lines, a solid foundation of cyber security knowledge and demonstrated performance designing and executing a variety of exercise types, to include range-based exercises.
• This leader will work across various technology teams and areas to formally assess the current level of resilience for applications hosted within bank and hosted/provided via third parties using a standardized methodology and framework.
• This including gaining a deep understanding of how the application is used within bank to understand the level of resilience that is required, identifying dependencies down through the infrastructure layers, identifying the application’s ability to absorb and recover from impacts, and identifying specific actions that can be taken to raise the current resilience level. Specific responsibilities include:
o Work across technology, cyber, and business areas to develop plans to measure and increase the resilience of bank
o Work with technology owners to identify operational resilience risks in system design, operations, and/or architecture
o Collaboratively develop options to reduce identified resilience gaps and measure progress
o Leverage industry relationships to understand best practices in cyber and technical resilience
o Design, develop, and implement exercises focused on cyber and operational resilience that allow appropriate risk visibility and management in key areas such as technology concentration risk, third party provider risk, cloud risk, etc.

Must have:

• Cyber & resilience exercise planning and facilitation
• Cyber security experience
• Cyber response and management experience (Detection, containment, eradication, etc)
• Digital forensics exp
• Cyber defence experience
• High work ethic
• Self-learner and self-motivated
• Lead experience
• People management experience
• Experience speaking and working with large groups of stakeholders (internal and external)
• Cyber threat intelligence exp
• Mitre attack framework
• Experience designing and facilitating cyber & resilience exercises

Nice to have:

• Global banking experience
• Risk management experience
• Project management experience
• Military experience
• Technical or Information Security Qualifications to include HSEEP