Business Continuity Specialist

Summary: Develop and maintain business continuity and disaster recovery frameworks aligned with ISO 22301, ISO 27031, and SAMA requirements to ensure organizational resilience. Responsibilities:

• Develop, implement, and maintain the enterprise-wide Business Continuity Management (BCM) framework aligned with regulatory and industry standards • Develop Business Continuity Documents:

• Develop and recommend business continuity and recovery strategies (alternate sites, remote working, manual workarounds) • Define resource requirements (personnel, technology, facilities, third parties) • Develop and maintain Business Continuity Plans (BCPs) • Develop and maintain Disaster Recovery Plans (DRPs) with IT teams • Define crisis communication and escalation protocols

• Establish and maintain BCM policy, standards, procedures, and governance • Define BCM scope, objectives, and applicability across business units • Conduct Business Impact Analysis (BIA) • Determine:

• Maximum Tolerable Downtime (MTD) • Recovery Time Objectives (RTO) • Recovery Point Objectives (RPO)

• Assess financial, operational, regulatory, and reputational impacts • Identify single points of failure and mitigation strategies • Establish Crisis Management Team (CMT) structure and roles • Perform BCM risk assessments covering:

• Operational threats • Technology threats • Cyber threats • External threats

• Conduct BCM testing programs (tabletop, simulation, full-scale drills) • Validate effectiveness of BCPs and DRPs • Document test results and track remediation actions • Maintain and update BCM documentation and plans • Ensure version control and governance of BCM documents • Assess third-party/vendor continuity capabilities • Ensure vendors maintain adequate BCP and DR arrangements • Establish BCM governance committees and reporting • Prepare BCM dashboards and reports for senior management • Monitor BCM readiness and compliance • Ensure alignment with regulations and standards (e.g., ISO 22301) • Support audits, inspections, and regulatory reporting • Conduct BCM awareness and training programs • Provide role-based training for crisis and recovery teams • Promote business continuity culture across the organization • Integrate BCM into:

• Enterprise risk management • Operational risk • IT risk frameworks

• Embed BCM into: • Strategic initiatives

• Digital transformation • New product development

• Conduct BCM maturity assessments and benchmarking • Drive continuous improvement for organizational resilience