Digital resilience refers to an organization's ability to adapt, recover, and continue operating effectively in the face of disruptions, including cyber attacks, technology failures, and other digital threats.
The Digital Resilience Office (DRO) at Coface is an operational role within the first line of defence (1LoD), dedicated to strengthening IT resilience by identifying and formally analysing ICT risks, managing major ICT incidents, implementing the ICT Third Party Risk Management procedure, conducting resilience tests and exercises, ensuring compliance with the DORA regulation, and collaborating with various teams to enhance digital resilience.
Mission:
- Governance & Reporting: uphold reporting requirements to the Group Risk Department, participate in Group Risk security and business continuity meetings, lead the Business Technology ICT Operational Risk Committee and oversee Regional team activities. Act as global coordinator of the digital resilience function, working with the Regional Resilience Coordinators (RRC) appointed in the regions. Consolidate information for reporting to regulatory authorities (ICT risk management annual review, major incidents, resilience tests…).
- Digital Resilience Strategy and Planning: together with Business Technology teams, define the operational strategy and plan for digital resilience testing, covering the organization's assets and infrastructure including ICT Third Parties. Translate the major scenarios provided by the Group Risk Department into concrete operational resilience tests that verify the availability and resilience of critical digital infrastructure and services during disruptions or disasters. Define and review ICT resilience dashboards and metrics. Own the ICT-related remediation plans that improve overall ICT operational resilience.
- Digital Risk Assessment and Management: implement and update the ICT risk management procedure. Provide a clear view of the interdependencies between ICT assets (including ICT Third Parties) and the functions they support (especially Critical and Important Functions). Conduct risk assessments to identify potential weaknesses in projects, systems, infrastructure, technology and ICT Third Parties, and implement mitigations to minimize their impact. Perform level 1 ICT controls, report their execution in the Risk Management GRC, and coordinate BT stakeholders (HQ and regions) in achieving their 1LoD ICT controls.
- ICT Third Party Risk Management: implement the ICT Third Party Risk Management procedure by providing clear ICT risk assessment and monitoring of ICT Third Parties at each step of an ICT service provider's life cycle, and maintain an up-to-date register of contractual agreements, clauses, SLAs and derogations with ICT third parties, including their mapping to ICT assets and business functions. Participate in the monitoring, identification and qualification of vulnerabilities and incidents related to ICT third-party (TPP) service providers. Define, implement and periodically review remediation plans for ICT third parties. Organize, strengthen and monitor TPRM activities with the Procurement Department and Business Line owners.
- Incident Qualification and Reporting: participate in the identification and qualification of major ICT incidents against the DORA criteria. Participate in the documentation of ICT incidents, including incident reports, lessons learned, and recommendations for operational process improvements. Coordinate with the relevant teams to investigate and resolve ICT incidents, and ensure timely recovery of digital systems and data.
- Collaboration and Communication: collaborate with internal teams, such as IT, legal, compliance, and risk management, to ensure alignment of operational resilience efforts with broader organizational goals. Communicate effectively with stakeholders and executives regarding operational digital initiatives.