Senior Operational Resilience Specialist

Principles for Responsible Investment

Employment Type Full time. Please note: where PRI has an office, there is an expectation to work a minimum of 2 days per week
Location Hybrid · London, UK
Salary £59,000 - £69,500 (GBP)
Seniority Mid-level
Closing: 8:00pm, 15th Sep 2024 BST

Job Description

About the PRI

The PRI is the world’s leading proponent of responsible investment. It works to understand the investment implications of environmental, social and governance (ESG) factors and to support its international network of investor signatories in incorporating these factors into their investment and ownership decisions.

The PRI’s three distinct capabilities relate to the core elements of the PRI’s approach to achieving a sustainable financial system.

  • Translate RI (Responsible Investment) thought leadership into insights and practical support that is tailored to what signatories need to progress their RI practice.

  • Convene our vast network to create opportunities for collaborative action.

  • Harness our global scale to influence policymakers and regulators to effect system change.

Job Description

The Operational Resilience Specialist is responsible for supporting the development of our resilience posture within the technology applications and infrastructure domain. You will identify improvements from the current state to the desired future state, building the maturity that gives PRI the confidence to demonstrate resiliency in our daily operations, user knowledge and compliance.

You will work closely with the team and business representatives on the requirement to achieve ISO27001 with continuity to sustain the certification, whilst defining and demonstrating robust internal systems controls and resiliency.

You will bring your experience to introduce best practices from technological, people, processes, and data capabilities to ensure our environment is secure and relevant, and ideally with experience working for a global organisation.

Core Responsibilities:

  • Primary contact point for queries and incidents reported on operational resilience components, mainly information/cyber/data security, business continuity (BCP), disaster recovery (DRP) and associated technology risk profile.

  • Provide technical advisory and support to crisis incidents and resolution.

  • Develop the support framework to process and communicate high-risk issues until resolution, with root cause identified.

  • Responsible for the development and maintenance of PRI technical resilience landscape, including security tooling, procedures, training, phishing exercise, documentation.

  • Implement internal systems controls, policy, and procedures to demonstrate assurance and resiliency.

  • Source, implement and support the security tooling, reporting and certifications to deliver the ISO/IEC 27001 programme of work.

  • Conduct internal annual security testing, security refresher/training and materials for internal users

  • Develop a structured plan for external penetration testing across PRI estate and to identify a suitable Pentest for the exercise, including cost negotiation.

  • Develop continuous improvement and best practices with supporting materials to ensure knowledge remains relevant for all staff adherence and compliance.

  • Participate in due diligence review and Request to Procure (RFP) process, where applicable.

  • Work closely with the IT Helpdesk to establish a well-defined ticketing process for resilience incidents, and ensure the supporting documentation and SLA are in place.

  • Provide training to the IT Helpdesk to build the expert knowledge needed to support effectively, creating better experiences for our internal users.

  • Working closely with the Head of IT and Operations to ensure readiness of the infrastructure for deployments, ensuring the security, data and resilience requirements are met.

  • Working closely with key stakeholders to develop robust security and data controls for critical solutions, such as Progression Pathway, Data Portal, Reporting Assessment, Collaboration Platform, Academy Learning System.

  • Produce a monthly operational resilience report (progression, incidents, escalations, etc.) to the Head of IT and Operations and Director of Technology and Infrastructure, and as required for the Executive Team.

  • Liaise with our suppliers and 3rd party providers for development planning, escalation, service review and incident management, where appropriate.

  • Ensure that all the business applications adhere to the regulatory requirements, industry standards, and best practices related to data security and privacy.

Person Specification

  • Experience in supporting and implementing security controls within technology domain, including security applications and tools (SIEM products).

  • Experience in supporting IT operational security related issues, analysing, problem resolution and preventative controls.

  • Experience working on business continuity and disaster recovery plans, testing and execution of the plan.

  • Experience working with due diligence requirements, responding and documentation, from signatories or potential signatories (quality and consistency that is repeatable where relevant)

  • Good working knowledge on implementation of SIEM products, defining preventative and detection controls, training, and project documentation.

  • Demonstrable working experience in Crisis Management related to information and cyber-attack, phishing, data breach incidents, including participation in BCP and/or DRP exercise.

  • Demonstrable working experience on hosted solutions (on premise and cloud based)

  • Demonstrable working experience in translating technical to non-technical business engagement and delivering visualisations of the targeted solutions.

  • Professional certifications in Information Management, Data Management, Cyber Security, Project Management, ITIL are desirable.

  • Ability to embrace and adapt changes, working with limited information and ambiguity in an ecosystem that is rapidly evolving.

  • Experience working with suppliers and 3rd party providers to ensure contractual commitments are met, including negotiating the scope of work, development, enhancement, upgrades.

  • Ability to work with minimal supervision, managing work prioritisation with competing priorities and handling conflicts and/or difficult discussion.

  • Excellent written communication and verbal presentation skills.

  • A collaborative and consultative approach to working with others & committed to fostering an inclusive environment.

  • Demonstrates a commitment to developing others and a growth mindset, actively pursuing continuous professional and personal development.

  • Good networking, relationship management and interpersonal skills and experience of building strong and productive relationships.

  • Language skills, other than English, are desirable.

We particularly welcome candidates from under-represented groups, including Black, Asian, and other People of Colour, those with visible or non-visible disabilities, LGBTQ+ candidates and those who are neurodivergent.

The PRI is committed to offering flexibility to our employees, both formal (e.g. part-time work) and informal (e.g. a shift in hours to accommodate caring responsibilities). Please talk to us about how we could make this role flexible for you.

N.B. We reserve the right to close a vacancy before the closing date in the event of an overwhelming response or a change in business priorities.

Removing bias from the hiring process

Applications closed Sun 15th Sep 2024

  • Your application will be anonymously reviewed by our hiring team to ensure fairness
  • You’ll need a CV/résumé, but it’ll only be considered if you score well on the anonymous review