IT Continuity Management Program Manager

Job description

As an IT Continuity Program Manager, you will be responsible for ensuring the uninterrupted operation of Garrett IT systems and services in the face of various disruptions such as natural disasters, cyber-attacks, equipment failures, or other emergencies.

You will develop and maintain strategies, policies, and procedures to minimize downtime and data loss, while also overseeing the implementation of business continuity and disaster recovery plans.

Your role will involve collaborating with various departments such as with Infrastructure service owners, Application Owners, Plant IT and non-manufacturing site IT focals etc to assess risks, identify critical systems and processes, and develop mitigation strategies to safeguard the organization's IT infrastructure

Plan and execute business & application impact analysis to identify the critical assets, periodically test disaster recovery plans and assure recoverability and resilience of critical IT applications & infrastructure.

Support TISAX certification program for critical plants/engineering R&D locations and support & coordinate for organizational level security certifications.

Key Job Areas of Responsibilities

2.1. Business Continuity Planning

Establish, implement, maintain, and continually improve IT Continuity Management System (ITCM), including the processes needed and their interactions, based on ISO 22301 and NIST 800-53, as determined by the Enterprise ITCM Governance Council.

Regularly monitor, measure, analyze, and evaluate its ITCM to ensure its implementation is consistent with organization Policy, Standard, and the requirements of the ITCM.

Observed nonconformities are addressed and ensure they do not recur.

Conduct internal assessment and coordinate internal and external audits at planned intervals to provide information on whether the ITCM conforms to organization Policies, Standards, and other industry standards.

- Develop and maintain comprehensive business continuity and disaster recovery plans for IT systems and services.
- Identify critical IT assets, applications, and infrastructure components essential for business operations.
- Work with Busioness fnctions to identify critical process and workaround to continue busines without IT dependence during cyber Crisis (Functional Cyber BCP)
- Conduct risk assessments and business impact analyses to prioritize recovery efforts and allocate resources effectively.
 

2.2. Risk Management

Perform Risk Assessments covering the risks to which the critical processes, activities, applications, and infrastructure systems identified in a BIA or AIA are subject as needed or on the periodic basis defined in the Control of Documented Information Procedure.

Develop strategies based on outputs from the BIA, AIA, and Risk Assessment as needed or on the periodic basis defined in the Control of Documented Information Procedure.

This includes, helping business and functional team on determining proper Backup and Restore strategies of setting right threshold of RPO (Recover Point Objective) and RTO (Recovery Time Objective).

Perform periodic reviews and tests of established IT Continuity Plans and procedures, reporting findings to management and making recommendations for improvements as needed.

Training personnel with IT Continuity responsibilities shall focus on familiarizing them with their assigned role(s) and teaching them the skills necessary to accomplish that role(s).

- Identify potential threats to IT infrastructure and assess their impact on business operations.
- Implement risk mitigation strategies to minimize the likelihood and impact of disruptions.
- Stay updated on emerging threats and vulnerabilities in the IT landscape and adjust continuity plans accordingly.
 

2.3 Policy Development:

- Establish IT continuity policies, standards, and procedures in alignment with industry best practices and regulatory requirements.
- Ensure compliance with relevant laws, regulations, and industry standards pertaining to IT continuity and disaster recovery.

2.4 Plan Testing and Maintenance:

- Coordinate and conduct regular testing of business continuity and disaster recovery plans to validate their effectiveness.
- Document test results, identify areas for improvement, and update plans accordingly.
- Schedule and oversee maintenance activities to Ensure that IT systems and recovery mechanisms are kept up-to-date and operational.

2.5 Incident Response and Crisis Management

- Lead the IT response during emergencies, coordinating efforts to minimize downtime and restore services quickly.
- Collaborate with incident response teams to contain and mitigate the impact of security breaches, cyber-attacks, or other disruptions.
- Communicate effectively with stakeholders, including senior management, during crisis situations, providing regular updates and guidance.

2.6 Training and Awareness

- Provide training and awareness programs to educate staff on their roles and responsibilities in the event of an IT disruption.
- Foster a culture of preparedness and resilience across the organization, promoting proactive measures to safeguard IT assets and data.

2.7 TISAX Knowledge

- Support TISAX certification for critical plants and support & coordinate for organizational level security certifications.


- Support IT Service Owners & Plant/Site IT managers to implement TISAX requirements in their Services/locations.


- Collaborate with external audit firm for TISAX external assessment and achieve TISAX label for in-scope locations

2.8. Collaboration and Reporting

• Work with stakeholders across Site IT, Plant and Data Center teams to ensure Continuity Planning & recoverability of Enterprise IT designated key sites, plant with a data center hosting critical IT processing
1.

Assist site and plant IT leads in the preparation of DRP documents
2.

Assist application owners in the preparation of Application Impact Analysis (AIA) & Application Recovery Plan (ARP) documents
3.

Validate all sites and applications have DRP and AIA documents based on determined priority
4.

Review and test the IT DR related documents annually
• Application Continuity Planning ensures appropriate continuity level of critical infrastructure systems and applications.


1.

Key applications are hosted at global data centers which provide highest level of security and availability for hosted applications.


2.

Applications hosted in the cloud also require steps to ensure security and availability
3.

Ensure sustainability plans exist for IT DR, are well defined/documented, are executed according to plan, and meet defined standards to secure successful remediation.
• Pro-actively communicate on the progress of remediation activities including status reporting and communication to internal and Enterprise leadership on a periodic basis
• Report IT Continuity related metrics & KPIs to senior leadership
• Educate/train the IT organization regarding areas of responsibilities to achieve Business continuity program objectives

Education/Qualifications

• Bachelor’s degree in Information Technology or related discipline 
• 10+ years of total experience 
• 5+ years of relevant experience in driving & implementing IT Continuity for global enterprise

Experience

• ~ 5 years of experience in implementing Business continuity across IT organization
• ~ 5 year of hands-on experience in managing Risk/Compliance projects based on NIST (or equivalent) framework and implementing or evaluating security compliance requirements for NIST, SOX, PCI, ISO 27001, GDPR
• Strong understanding of Cyber Security concepts
• Experience with performing or reviewing enterprise risk assessments
• ~ 5 year of knowledge in general security concepts and methods as they relate to IT audit controls such as vulnerability assessments, incident response, enterprise security strategies, architectures and governance

Key Skills and Knowledge

• 3 to 5 years of experience in managing customers and extended Project Teams 
• 5 + years of experience in PMO design and Metrics / Audit and Compliance activities 
• Good working experience with Microsoft Excel, Word, Visio, Project, and PowerPoint
• CISSP, ISO 22301, CISA, ISO27001 accreditations preferred
• Able and willing to work independently and in a fast-paced environment with tight deadlines and minimal supervision
• Highly motivated, result oriented with the ability to be flexible and an effective change agent
• Ability to develop solid working relationships across organizational, functional, and geographic boundaries to define project requirements, identify resources, and execute project deliverables
- Proven experience in IT continuity management, disaster recovery planning, and risk management.
- Strong understanding of IT infrastructure, systems architecture, and cloud technologies.
- Excellent analytical and problem-solving skills, with the ability to prioritize tasks and make decisions under pressure.
- Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams and senior stakeholders.
Knowledge of regulatory requirements and compliance frameworks related to IT continuity and data protection (e.g., GDPR, HIPAA, ISO 22301).

Required Skill Profession

Computer Occupations