Apply on Employer Site

Tompkins Community Bank · 10 hours ago

Operational Resilience & Risk Manager

Ithaca, NY

Full-time

Onsite

Mid, Senior Level

$103K/yr - $125K/yr

7+ years exp

Tompkins Community Bank is focused on ensuring operational resilience and risk management. The Resilience & Risk Manager will lead the Business Continuity & Operational Resilience Program, collaborating with various teams to maintain service availability during disruptions and manage information security risks.

BankingInsuranceWealth Management

Responsibilities

Own and manage the enterprise-wide Business Continuity & Operational Resilience Program, including governance and reporting to senior leadership and risk committees

Coordinate and lead Disaster Recovery planning, annual testing, and scenario-based exercises, including post-mortem reviews and continuous improvement

Conduct Business Impact Assessments (BIAs) and impact tolerance assessments for critical services, mapping dependencies across people, processes, technology, and third parties

Develop and maintain crisis communication plans and ensure readiness for regulatory reporting during major incidents

Align resilience strategies with regulatory requirements and industry standards (FFIEC, NY DFS, ISO 22301, NIST CSF)

Produce audit-ready documentation, metrics, and KPIs demonstrating program effectiveness and maturity

Collaborate with Third-Party Risk Management to assess vendor resilience & risk

Review technology architecture and design for resilience controls, integration dependencies, and cyber resilience measures

Integrate threat intelligence and emerging risk analysis (cloud, AI, geopolitical) into resilience planning

Support InfoSec governance activities and system administration for resilience and risk tracking

Participate in incident response, regulatory reporting, and executive-level crisis management

Promote awareness through training sessions, tabletop exercises, and education initiatives

Maintain expertise in operational resilience trends, regulatory changes, and best practices

Qualification

Business ContinuityDisaster RecoveryOperational ResilienceInformation Security Risk AnalysisRegulatory FrameworksCISSPCISMCBCPISO 22301 Lead ImplementerGRC PlatformsTrainingEducationCommunication SkillsTeam Collaboration