Domain Lead - Business Continuity

This function has a twofold purpose:

- Ensuring the business continuity of YPTO as an organization and an SNCB ICT department in case of a calamity impacting its people (pandemic), processes or facilities.

- Ensuring the IT Resilience of SNCB in case of a calamity, such as the destruction of a datacenter (fire or flood) in Belgium or abroad, the loss of electricity in a region from where SNCB contracts ICT services, a ransomware attack, etc.

Key Activities

Ensuring the resilience of YPTO in case of a calamity

Develop, test and continuously improve a comprehensive business continuity plan (BCP) that outlines strategies and procedures for ensuring that YPTO critical functions can continue in the event of a disruption.

Performing a Business Impact Assessment to determine the critical business functions and processes that need to be prioritized for continuity planning. This involves assessing the potential financial, operational, and reputational impacts of disruptions.

Developing and maintaining comprehensive business continuity plans that outline strategies and procedures for ensuring the organization's critical functions can continue in the event of a disruption. The Domain Lead BC/DR is responsible for creating, updating, and testing these plans.

Define and monitor an adequate IT disaster recovery strategy for SNCB and its subsidiaries

Define an adequate disaster recovery strategy for SNCB, taking into account the Business Impact Assessments, made by SNCB Risk Office (Corporate SNCB function) and best practices in calamity risk assessment and risk modelling.

The Domain Lead BC/DR takes into account hazards and comes up with a best practice and balanced DR strategy for the choice and location of data centers world-wide, the choice of technologies and providers.

Collaborate with other CISO Domain Leads and Enterprise Architecture to build and implement a common taxonomy

Develop, test and continuously improve an IT disaster recovery plan for SNCB and its subsidiaries

Develop, test and continuously improve an IT disaster recovery plan to guide the SNCB’s actions when a calamity occurs and ensure a swift recovery.

Develop, test and continuously improve a crisis management plan to ensure SNCB has able to timely react when facing calamities.

Ensure that SNCB complies with relevant legal, regulatory and contractual requirements and industry standards related to security and business continuity. This includes staying updated on changing regulations and adapting the BCP and security measures accordingly.

• Identify the threats that affect the IT and business environment and its countermeasures.

• Have a thorough understanding of the DR Planning Methodology.

• Conduct an application impact analysis for a business process.

• Develop and implement business (scope YPTO) and IT (scope SNCB) recovery strategies.

• Conduct cost benefit analysis for strategies and alternate site selection.

• Consolidate and implement a comprehensive IT DR plan.

• Create and develop IT DR awareness and training program in alignment and under the guidance of the Domain Lead Awareness

• Conduct exercises and tests.

• Integrate business continuity with the IT DR initiatives in alignment with and under the guidance of SNCB Risk Office who has the ultimate governance responsibility on business continuity for SNCB and subsidiaries.

• Sustain an effective organization-wide IT DR program, as the Domain Lead BC/DR has the governance responsibility for IT Disaster recovery in SNCB and its subsidiaries under the guidance and accountability of CISO for SNCB and its subsidiaries.

Oversee the Testing and Exercises

Oversee the conducting of regular drills, exercises, and simulations to test the effectiveness of the business continuity and disaster recovery plans. This helps identify weaknesses and areas for improvement.

The scope of these drills is YPTO wide for Business Continuity and SNCB-wide for IT Disaster recovery and can range from small table-top exercises to larger drills over a weekend, involving the planned disruption of a full chain of applications.

Documentation and Reporting

Maintaining documentation of security and business continuity plans, incident reports, and compliance records. Generating regular reports for senior management and stakeholders to provide visibility into the organization's security and continuity efforts.

Exigences

- 10 years of relevant business experience within, preferably the last 5 years relevant experience in IT disaster recovery planning in combination with experience in non-IT business functions, such as finance, marketing, operations, …
- Knowledge of DR planning and corresponding certification or proven results
- Knowledge of risk modeling techniques, such as statistical Monte Carlo analysis and bow tie analysis.
- Masters of Science degree or equivalent, preferably a combined degree in Computer Science and business.
- Following certificates are considered an added value: BCM practitioner
Competences
- Communicate, coordinate and cooperate with internal and external stakeholders across all levels – from blue collar workers to senior leadership
- Influence decisions about budgets and priorities with business and IT leadership such that business continuity and disaster recovery initiatives are included in the roadmaps.
- Apply mathematics to develop simple statistical models that are mathematically sound and correct, such as Monte Carlo analysis with/without correlated parameters.
- Strong analytical thinking abilities
- Understand core organizational business processes
- Identify, evaluate, and select high availability and disaster recovery solutions suitable for Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
- Understand how to:
• select and procure an appropriate secondary and tertiary alternate IT recovery site.
• Ensure critical data off-site backup and storage, retrieval, and management requirements are met
• Establish effective Service Level Agreements (SLAs) and contracts with vendors, suppliers, and service providers for facilities, data, and resources.
• Assemble a knowledgeable and effective Disaster Recovery team, and assign appropriate pre-disaster, disaster, and post-disaster tasks and responsibilities.
• Test and manage changes to the Disaster Recovery Plan.
- Define and apply maturity models for BC/DR management
- Anticipate future cybersecurity threats, trends, needs and challenges in the organization
- Ability to functionally lead multidisciplinary cybersecurity teams
- Dutch or French C2, and the second language B2 & English C1

Our offer

Within our open corporate culture, you contribute to the digital transformation of SNCB. You will have a job with social impact and ample opportunity to make your own contribution. In addition to a good work-life balance and a competitive salary, you will receive the following benefits:

• the possibility to work remotely + flexible working hours;

• 35 days of leave;

• a company car + a public transport season ticket;

• a target bonus;

• a comprehensive insurance package (affiliation without own contribution, excl. outpatient costs for family members);

• hospitalisation and dental care for the whole family;

• outpatient costs (= medical costs separate from hospitalisation);

• group insurance: supplementary pension, work disability and death (cafeteria plan);

• accidents at work (extralegal);

• net allowances for remote working and carwash + internet budget.