Operational Resilience Manager

Department

The Digital Policy, Control & Resilience (DPC&R) department operates within the COO domain, which encompasses both Operations and Technology departments. DPC&R is tasked with managing security oversight and operations, business continuity management, security monitoring and testing, identity and access management, cybersecurity and analytics, as well as policy making. The department includes various roles such as information security officers, policy and control officers, and cybersecurity analysts. The head of the department serves as Robeco’s Chief Information Security Officer (CISO).

Position & Requirements

We are seeking an Operational Resilience Manager responsible for developing and implementing strategies to ensure Robeco's preparedness for major business continuity and cyber security incidents. This individual will manage effective responses to contingencies and coordinate a comprehensive testing and exercise program. Key responsibilities include managing business continuity exercises, disaster recovery tests, threat-led penetration testing, and crisis simulations. The role requires engagement with relevant stakeholders and communities, operating on both tactical and strategic levels, and possessing strong reporting skills for senior management.

Key Responsibilities

• Enhance and implement operational resilience strategies and a resilience testing program.
• Coordinate, manage and enhance the organization's response to major incidents and crises.
• Lead the planning, execution, and evaluation of cyber security exercises, crisis simulations, and disaster recovery tests.
• Develop and maintain incident response plans and business continuity plans.
• Collaborate with various first, second and third line departments to ensure comprehensive preparedness and response plans.
• Provide training and awareness programs for staff on operational resilience and crisis management.
• Monitor and report on the effectiveness of resilience strategies and programs.
• Continuously improve resilience capabilities through lessons learned and best practices.

Requirements

• Bachelor's or Master's degree in crisis/security management, IT, risk management, or related field.
• 5-7 years in operational resilience, disaster recovery, or business continuity.
• Strong understanding of regulatory requirements and industry standards (e.g., DORA).
• Excellent project management, communication, and leadership skills.
• Ability to handle pressure and juggle multiple priorities.
• Relevant certifications (e.g., CBCP, MBCI, CISSP) are a plus.
• Proficiency in Dutch and English (written and spoken).
• Availability of at least 4 days/32 hours per week.
• Hybrid work setup with at least 3 days in Rotterdam.