Senior Manager, Incident Management (UK)

Reporting to Head of Crisis & Business Continuity Management

OVERALL PURPOSE OF THE JOB:
To maintain and develop a fully effective Incident Management framework to ensure the Group is able to respond to a wide spectrum of incidents.  Co-ordinate the necessary action to ensure the Group’s interests are protected in relation to staff safety, customer service, asset protection and protection of reputation and brand. Capturing learning and ensuring the delivery of action plans and PIR’s is a key part of the role.

Further ensure a rigorous and pro-active approach is taken to Horizon Scanning and Threat Assessment, co-ordinating the input from across the security industry of our peers and provide analysis on this to inform our own strategic direction.

INCIDENT MANAGEMENT
Group Incident Executive and Group Incident Operations
In the event of a ‘significant’ incident, lead the support of the Group Incident Executive (GIE) and Group Incident Operations (GIO) teams to ensure:

• The effective identification, escalation and control of any significant incident which may potentially impact the Group.
• Group wide coordination with agreed strategic direction and appropriate focus of main effort.
• The timely implementation of Business Continuity Plans which meet the needs of stakeholders for the recovery of critical activities

Develop and maintain conducive relationships with both GIE / GIO Chairs and other GIE / GIO members.  Act as first point of contact for GIO Chair to provide any necessary support required to include:

• Inducting new GIE and GIO members.
• Briefing Crisis Management Teams.
• Gathering and summarising information to provide a Group status.
• Documenting the outputs of formal GIO meetings and ensuring actions are delivered.

Manage the delivery of an effective testing and exercising programme for the GIE / GIO:

• Strategy is developed in line with current threats and has the agreement of GIE Chair (Director of IT & Operations).
• Ensure delivery of formal annual programme with all stakeholders engaged.
• Development of accurate and value adding scenarios developed in conjunction with subject matter experts / external expertise (where required).
• Responsibility for ensuring key learning is captured with appropriate actions through to delivery.

Ensure all supporting infrastructure and information for GIE / GIO is produced, maintained and distributed (e.g. Aide Memoir, Command Centre, Satellite Phones, Response Plan).

Chief Security Office Related Incidents

• Manage cross-CSO related incidents to ensure a professional and cohesive response.
• Lead the management and co-ordination of all Group-wide (sub-GIO) Security related incidents ensuring appropriate and timely response from affected Business Units.
• Identify, train and develop a ‘virtual’ team of Incident Response professionals from the CSO Functional areas - Group Information Security, Group Financial Crime and Group Physical and Personal Security.
• Design, implement and manage an Incident Response framework and processes for cross-CSO and Groupwide Security related Incidents, incorporating the effective management and co-ordination of the CSO ‘virtual’ team.

‘Local’ Incident Management

• Ensure ‘local’ incidents are managed appropriately and effectively track progress to resolution or escalation.
• Design, implement and manage a process for remotely tracking local incidents considering resource requirements and escalation trigger points.

INCIDENT RESPONSE CAPABILITY:

• Ensure Business Units have a conduit for incident escalation both during and out of hours (Duty Manager rota).  Establish key information and engage the GIE / GIO Chair or Chief Security Officer as required.
• Manage the Action Plans and Learning from all GIE/GIO Exercises to ensure timely and efficient delivery.
• Manage the Actions Plans, Learning and Post Incident Reports from actual incidents across the Group to ensure timely and efficient delivery and the communication of best practice.

MANAGEMENT INFORMATION / REPORTING:

• Manage the development, maintenance and improved functionality of the Business Continuity Management databases and automated alert system (Rapid Reach).
• Ensure that key incident response contact information and interactive maps are up to date and distributed as required.
• Ensure that the integrity of critical activity details is maintained and effectively used for incident response and BCM strategy development.
• Capture business unit incidents and report a consolidated view to Divisional Risk Committee on a monthly basis.

HORIZON SCANNING/THREAT ASSESSMENT
Ensure the provision of continuous monitoring and assessment of the threats and risks LTSB could be exposed to and work with Business Units to ensure appropriate mitigating actions are in place.

Act as key C&BCM representative within the CSO Intelligence community

Horizon Scanning

• Provide expertise on the forthcoming threats to LTSB through detailed research and monitoring.
• Continuous monitoring of the threat situation both in the UK and Internationally via a series of alerts and monitoring systems.
• Produce detailed horizon scanning assessment of specific threats/areas.  For example risk reports for priority buildings, ad hoc reports on hostile reconnaissance.
• Provide threat updates to the BCM Business Partners in order for them to brief and prepare Business Units on forthcoming threats.
• Develop and maintain reporting mechanisms for communicating current and future threats to the Business.
• Act as lead on slow creep GIE/GIO incidents such as transport/postal strikes. This requires continuous monitoring of the situation through open source material and key contacts. 
• Providing ongoing situation assessments to Business Units and GIE/GIO and lead GIO meetings and following through actions where required.

Intelligence Community

• Develop and maintain relationships with all key Intelligence bodies, the Police and Security Services. Being the LTSB focal point for all such organisations.
• Co-ordinate the input from across the security industry of our peers and provide analysis on this to inform our own strategic direction
• Manage the intelligence established from the activities above and feed into the CSO Intelligence community via the Sharepoint Threat Log
• Manage the Daily Threat watch meeting with other CSO intelligence representatives and action where required.
• When required, feed intelligence and actions back to Business Units via the Business Partners.

PROFESSIONAL/REGULATORY QUALIFICATIONS REQUIRED TO UNDERTAKE ROLE

Member of the BCI

SPECIALIST SKILLS/KNOWLEDGE REQUIRED TO UNDERTAKE ROLE

At least 5 years Incident Management experience in a large organisation, security service or military.