Global Operational Resilience Specialist

Company Overview

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

Global Operational Resilience Specialist

Office Location - North Dock One, 91/92 North Wall Quay, Dublin, D01 H7V7

This role is hybrid, 3 days in the office per week.

Interactive Brokers Ireland Limited ("IBIE") seeks an experienced Global Operational Resilience Specialist to serve as the accountable Lead for the organization's Operational Resilience program. This position will report directly to the Chief Risk Officer based at Interactive Brokers United Kingdom Ltd. in London, UK.

The goal of this position is to maintain and further develop the Operational Resilience Framework so that it:

• Complies with global regulations governing IBKR affiliates
• Accurately documents the firm's ICT resiliency capabilities (ICT = systems and data)
• Provides a structured approach for groups to respond to significant business disruptions and continue critical operations
• Reduces the risk of sustained outages

Key Responsibilities:

Governance

• Own and maintain all governance documentation for the Operational Resilience program – strategy, policy, procedures. 
• Own and maintain all governance documentation for the Business Continuity Management (BCM) program – Policy, Plan, WSP, Procedures/Standards.
• Ensure the firm can evidence compliance with what is in these documents.
• Work with senior leaders to maintain the list of critical business activities and set the risk appetite for Maximum Tolerable Downtime (MTD), which is currently 4 hours.
• Maintain all data and records in Fusion (and on Confluence for general staff access as required).

Operating model and business activities

• Enhance the documentation on the firm's operating model – business services and business activities.
• Present to senior leadership as required.

Assessment

• Ensure Business Impact Analyses for Groups supporting business activities remain accurate and complete. 
• Work with IT, ERM, Data Governance and HR to assess the resources (groups, systems, data, vendors) required to operate each business activity.

Planning

• Ensure that the firm's BCP accurately reflects capabilities and risk appetite.
• Benchmark the BCP against regulatory standards and client expectations and highlight gaps.
• Work with groups supporting critical business activities to build response plans for the failure of critical systems, data or vendors.
• Maintain all plans in Fusion and Confluence for ease of access in the event of a disruption, while also considering a non-networked solution.

Testing

• Coordinate annual testing of the BCPs with all IBKR location leads, HR and Facilities 
• Coordinate with the IT DR team to ensure the scope and timing of the annual DR test includes all critical business activities and systems.
• Review the results to check that actual recovery times meet stated Recovery Time Objectives (RTOs) and Maximum Tolerable Downtime (MTD) for all systems mapped to critical business activities. 
• Coordinate with Data Governance and Compliance to ensure data recovery strategies (replication, backup and recovery) meet Recovery Point Objectives (RPOs).

Culture and behavior

• Awareness: Work with teams across the firm to embed the concept of business services and activities and ensure the resources, mapping and plans are understood and can be executed. 
• Training: Build and work with the L&D team to ensure OpRes and BCM training is provided to all necessary staff at least annually.
• Represent IBKR to regulators on all matters, OpRes and BCM - written and verbal presentation

Integration

• Integrate the following programs:
• Incident management: Work with TOPS to embed the list of business activities into their process to categorize incidents and notify relevant managers.
• InfoSec: Work with InfoSec to embed the list of business activities into their process for categorizing incidents and notifying relevant managers.
• Disaster recovery: Work with the IT DR team to ensure that DR testing is conducted in the context of business activities and includes all systems required to operate those activities. Ensure that recovery plans and tests have targets and results that align with the maximum tolerable downtime for the business activity.
• Business continuity: Own the firm's BCM program and ensure that plans are in place and understood so that the response to loss of facilities or groups of people is structured and efficient.
• Third-party service provider (TPSP) management: Work with the IT TPSPM team to ensure that vendors are mapped to business activities, critical vendors are identified, and plans are in place for the loss of critical vendors.
• Infrastructure: Build and maintain a link between the hardware and software inventories and work with Infrastructure to understand redundancy for critical infrastructure/hardware. Build a list of single points of failure and determine the cost/benefit of resolution.

Skills & experience

• 10+ years' experience in business continuity or disaster recovery program at a finance, fintech or IT company.
• Deep understanding of US (and ideally global) regulation on BCM, DR, Vendor Risk Management and Operational Resilience and EU DORA – theoretical and practical.
• Solid IT knowledge – must be credible with IT management, including IT & cyber risks. 
• Demonstrated ability to execute business impact analyses, build response and recovery plans and execute tests.
• Ability to take regulations and guidelines and present practical, value-adding options for implementation.
• Experience using a GRC to manage data.
• Excellent presentation capabilities – oral and written.
• Ability to work with multiple teams in IT and business to integrate related programs for reporting purposes.
• Problem solver, practical, relentlessly driven to succeed, excellent relationship manager.

#LI-RB1