JOB IDENTIFICATION

JOB TITLE: Business Continuity Officer
POST LEVEL: TASK 16
DEPARTMENT: Enterprise-Wide Risk
REPORTING LINE: General Manager Enterprise-Wide Risk
DIVISION: Enterprise-Wide Risk
LOCATION / CENTRE: Sandton
CONTRACT TYPE: Full time


PURPOSE OF THE JOB
To develop business continuity management programs, reviewing company BCM policies and plans, and
advising management on possible risks to ensure a that the organization functions in a legal and ethical
manner while meeting its business goals.
The mandate of Business Continuity Management Officer is to ensure an effective enterprise Business
Continuity Management (BCM) governance framework that is consistent with general regulatory
requirements and industry’s best practices/standards are developed, maintained and adhered to.
Ensures that an auditable governance framework, consistent with general regulatory requirements for
BCM across jurisdictions in which the NHFC operates, is developed, maintained, and adhered to across the
Enterprise, so that the NHFC is appropriately prepared for, and can
respond to unexpected disruptions to normal activities

JOB DESCRIPTION

Key Performance Areas Key Activities
Managing Business Continuity
Management Function
40%

• Develop the BCM policies, frameworks, guidelines and plans
linked to latest BCM guidelines and leading practice.
• Developing materials at an institutional level for distribution
to all employees to enhance awareness of compliance
activities, including posters.
• Develop corrective action plans for problematic issues and
provides guidance on resolution and future prevention and
mitigation.
• Exercises discretion and use of independent judgement with
respect to matters of significance.
• Stay abreast of changes in regulation, guidance and best
practices and inform management on compliance changes
that may affect the organisation.
• Provide guidance and assistance to management in
coordinating and overseeing an effective BCM program in line
with current industry best practices, regulatory guidance and
requirements.
• Assist various departments in evaluating policies and
procedures for compliance with relevant BCM legislations and
regulations.
• Identifies potential areas of BCM vulnerability and risk
through analysis and assessment.
• Review the proposed business continuity and disaster
recovery plans for design, completeness, and overall
adequacy.
• Monitor the effectiveness of the recovery and control of
operations and recommend improvements to the SCP.
• Part of a team of BCM-risk management professionals who
work with senior management in all lines of business to
coordinate business continuity governance activities.
• Contribute to the development and maintenance of the
enterprise-wide business continuity management program
including development of tools and instructional guides for
both businesses.
• Contribute to establishing and maintaining program
processes and practices which effectively ensure that the
enterprise program remains current and incorporates/aligns
with industry standards and practices as appropriate, and
adequately covers general regulatory requirements.
• Supports and/or leads processes that support NHFC BCM
governance requirements as part of the enterprise
operational risk framework (as assigned).
• In a relationship management capacity, provides guidance
and direction to stakeholders to ensure their business
continuity management processes are in accordance with the
NHFC's enterprise-wide business continuity management
program and quality standards.
• Review of documentation, with Business Continuity
Management owners, as well as the Business Process owners
• Participates as independent business continuity professional
in support of various
• Other initiatives to achieve the risk management objectives of
EWRM.
• Provide subject matter expert for business continuity
management.
• Participates in external business continuity management
organizations and keep abreast of industry best practices and
trends.
• Facilitate the development of a comprehensive Business

Continuity Management Process Includes:
• Crisis Management
• Crisis Communications
• Business Resumption Planning
• IT Disaster Recovery Planning
• Evaluate the Following:
• Standards, Policies and Procedures
• Relationships with External Agencies and Authorities
• Training and Awareness Materials
• Budgetary Documentation
• Documented plans
• Recovery Location/ Hot-site Contracts
• Test Results
• Service Level Agreements
• Regulatory Requirements
• Supply Chain/ Vendors and Network
Key Performance Areas
Key Activities
whom they support (In order to better understand their
expectations).

Business Continuity Management
implementation
40%

• Implementation and management of the business
continuity management (BCM) function.
• Overseeing and monitoring the BCM through the
development of applicable policies, frameworks and plans.
• Periodic revision of BCM program in light of changes in the
applicable legislation.
• Overseeing and monitoring the implementation of the BCM
program.
• Coordinating internal BCM review and monitoring
activities, including periodic reviews of departments.
• Provide an annual holistic opinion on the effectiveness and
adequacy of BCM, control, and governance processes.
• Supports BCM management through risk identification,
control testing and process improvement procedures
• Aid in the improvement of tools to monitor, analyse, and
report on BCM
• Prepare and facilitate BCM simulation sessions
• Prepare reports for senior management and external
regulatory bodies as appropriate
• Maintain effective practices and procedures for BCM
• Identifying the lessons learned from the disaster and the
recovery operations.
• Periodically monitor the effectiveness of NHFC's
BCPs/DRPs to ensure the timely resumption of operations
and processes after adverse circumstances reflects the current business operating environment.
• Manage the development of business continuity plans
(BCP).
• Identification of business continuity requirements and
solutions.
• Identification of risks to business continuity, mitigation
actions and implementation follow-up.
• Manage the annual business continuity test plan.
• Develop and maintain training and awareness program and
collateral.
• Main all administration of the BCM System.

Internal Audit:
• Assist with facilitating and attending Internal Audit
meetings
• Monitor progress against the IA plan and ensure that the IA
team reports on progress quarterly and where required
ensure action plans are in place to address non
achievement
• Ensure IA submit an annual plan and charter for approval
• Ensure that the IA plan is risk based

Key Performance Areas Key Activities
• Keep record of and track all IA findings. Ensure that all
business units respond to relevant findings
• Prepare reports on IA progress
Assist with strategic and operation risk management
• Assist with development of operational risk registers
• Assist with facilitation of operational risk assessments
• Assist with risk management training
• Assume management responsibility for Business contingency planning efforts with a major focus on assuring the adequacy of business unit contingency plans for critical
business areas, functions and applications.
• To maintain continued operations, asset protection, and
loss mitigation in the event of a disruption, coordinating
activities of technology resources with the company's
business units and development groups, as required.
• Work with business unit management to enhance
contingency plans, mitigating the effect of a technology
system or application failure or problem. Key objectives are
that business units can continue to manage the firm's
assets, satisfy our regulatory obligations, and maintain our
presence in the marketplace.
• Perform periodic reviews and tests of established Business
Continuity Plans and
• procedures, reporting findings to management and making
recommendations for improvements as needed.

Key Performance Areas Key Activities
Business Continuity Management
awareness and training and
reporting
20%

• Development, coordination and participation in routine
multifaceted educational and training programs that focus
on the elements of the BCM program thus striving to ensure
that all appropriate employees and management are
knowledgeable of, and comply with, BCM policies,
procedures and plans.
• Develop awareness program and material for the NHFC.
• Monitor the performance of the BCM programs and related
activities, taking appropriates steps to improve its
effectiveness.
• Developing, coordinating, and participating in a
multifaceted educational and training program that focuses
on the elements of the BCM program, and seeks to ensure
that all appropriate employees and management are
knowledgeable of, and comply with, pertinent standards.
• Conduct routine and/or focused reviews of policy/procedure
adherence as well as coordinating audits generated by
external sources.
• Oversee and monitor the activities and undertakings of
BCM, consistent with the strategic direction, compliance
with relevant regulations and operating objectives
approved by the Board.
• Implementation and management of the business
continuity management (BCM) function.
• Prepares and conducts BCM compliance audits.
• Prepare reports for Management and the Board of Directors
concerning the BCM function including scope and results of
audits.
• With the CEO and other members of Executive team,
ensure the implementation of the strong BCM controls and
report to Board in a timely manner on deviations.
• Ensure the accuracy, completeness, integrity and
appropriate disclosure for BCM.
• Carry out any other appropriate duties and responsibilities
assigned by the management.
• Implementation and management of the business
continuity management (BCM) function.

• Ability to provide advice on regulatory
requirements for BCM.
• Ability to facilitate the management of
BCM within the organisation.
• Ability to Develop and implement BCM
policy, processes and procedures.
• Ability to ensure that BCM standards and
procedures have been adhered to.
• Ability to monitor and report on BCM
• Ability to provide monthly reports on BCM.
• Business Continuity Management practices
and protocols, including in-depth
knowledge of international BCM standards
promoted by BCI and DR. and ISO
• A strong understanding of Operational risk
and resilience, Business Process
improvement methods as well as risk
related control frameworks and practices
(COCO, COSO, ISO, ITIL, CMM, COBIT,
etc.).

• Extensive knowledge of regulations and
guidance and best practices surrounding
them.
• Ability to work independently, as well as
collaboratively within a team environment.
• Ability to interact effectively with all levels
of management, legal counsel, law
enforcement, regulators and examiners
while maintaining strict confidentiality.
• Strong decision making, analytical and
investigative abilities with attention to
detail and accuracy.
• Ability to manage the Business continuity
function

NHFC COMPETENCIES
Job Specific Competencies:
Business Continuity
Management
Administrative Support
Analytical Skills
Communication Skills
Corporate Governance
Financial Management
Job Knowledge/Technology
Monitoring & Evaluation
Problem Solving
Risk Management

Attributes:
Attention to Detail
Continuous Learning & Development
Initiative
Professionalism
Quality Management/Assurance
Values and Ethics

REQUIRED QUALIFICATIONS AND EXPERIENCE
Qualifications
Minimum Requirement: A Bachelor's Degree in
Business Continuity Management, business
administration, finance, economics or related
financial institution experience.
certification(s) preferred.

Certification: Required: Business Continuity
Certified Expert or Business Continuity Certified
Planner.
Optional: IRMSA: Risk Management Practitioner.

Membership: BCM Institute (must) and/or IRMSA

Preferred Requirement: Above similar qualification


Experience
Minimum Requirement: 5 to 8 years of exposure to
internal
Business continuity /risk management.

Preferred Requirement: Above experience in a
similar environment