Business Continuity Management & Resilience Manager

Job Title: BCM & Resilience Manager

Location: Karachi, Pakistan

Terms: Full-time / Permanent

Special Requirements: This is a Group role, requiring occasional alignment with Swiss hours for meetings and engagements.

About Us

Habib Bank AG Zurich is a Swiss-incorporated bank established in 1967, with a strong focus on international banking and finance. Operating across eight geographies and four continents, we offer a wide range of financial services to individual and corporate clients. Our risk management function plays a critical role in ensuring financial stability, regulatory compliance, and operational resilience.

About the Role

We are seeking a motivated Operational Business Continuity & Resilience officer to support the Group Operational Risk function. The ideal candidate will help develop, implement, and enhance operational resilience and business continuity strategies. This role plays a critical part in ensuring the organization’s ability to withstand, respond to, and recover from operational disruptions.

Key Responsibilities

· Governance & Regulatory Compliance:

Ensure the Group’s operational resilience framework aligns with FINMA Circular 2023/1, Basel, BCBS 239, ISO 22301, and PRA/FCA requirements. Assist in regulatory reporting and audit responses. Provide oversight on operational risk tolerance, stress testing, and recovery capabilities as required under regulatory expectations.

· Technology & Cyber Resilience Support:

Work with IT Security and Group Technology to oversee Technology Recovery Plans (TRPs), disaster recovery testing, and resilience scenario assessments. Ensure IT systems and critical applications have defined impact tolerances and undergo resilience validation, including cybersecurity breach simulations and cloud resilience testing.

· Ensure Countries (branches & subsidiaries) adhere to the Group’s framework – which requires identifying critical functions, defining their impact tolerances, carrying out vulnerability and threat assessments and then defining plausible scenarios.

· Scenario Analysis & Testing:

Assist in developing and executing operational resilience scenarios, including cybersecurity threats, system failures, third-party disruptions, and climate-related stress testing. Align resilience testing with regulatory and industry best practices, ensuring that learnings are integrated into risk controls.

· Business Continuity Management (BCM):

Support the development and implementation of BCM strategies, ensuring alignment across all Group locations. Conduct periodic BCM drills and tabletop exercises to validate response effectiveness.

· Stakeholder Collaboration:

Engage with senior leadership, Group Functions, and Risk Committees to enhance resilience reporting and awareness.

· Training & Awareness: Support resilience training initiatives, ensuring employees understand continuity plans and crisis response procedures.

· Incident & Crisis Management:

Assist in reviewing material incidents, conducting post-incident analysis, and recommending resilience improvements. Define post-incident learning frameworks, ensuring that systemic risk trends are identified and addressed through control enhancements.

Risk Reporting & Data Analysis:

Prepare resilience risk reports, dashboards, and analytics for Group Risk Committees and senior management. Ensure that key risk indicators (KRIs) for resilience are regularly monitored and reported.

Candidate Profile:

Required Skills & Competencies:

Education: Bachelor's in risk management, Business Administration, Finance, Information Security, or related fields.

Certifications such as CBCP, ISO 22301 Lead Implementer, CISSP, CISM, CRISC, or ITIL Resilience Certifications are preferred.

Experience: 3-5 years in operational resilience, business continuity, IT disaster recovery, risk management, or regulatory compliance in banking or financial services.

Technical Knowledge: Strong understanding of operational resilience frameworks, business continuity best practices, cyber resilience strategies, and technology risk management.

Regulatory Awareness: Familiarity with Basel III, FINMA Circular 2023/1, BCBS 239, UK PRA/FCA operational resilience regulations, and ISO 22301 business continuity standards.

Incident & Crisis Management: Ability to analyze operational disruptions, develop response strategies, and conduct post-event reviews.

Risk Analytics & Data Interpretation: Experience in scenario testing, resilience modeling, and risk dashboard reporting.

Stakeholder Engagement: Strong ability to communicate resilience strategies to senior management, regulators, and risk committees. Project Management & Coordination: Experience in leading resilience projects, business impact analyses (BIA), and IT service continuity planning.