Operational Resilience Manager - DORA Implementation

Key Insurance client needs an Operational Resilience Manager as they prepare for and transition into full compliance with the Digital Operational Resilience Act (DORA).

The successful candidate will play a pivotal role in advising clients on implementing robust Tech risk management frameworks, enhancing third-party risk oversight, and aligning operational resilience strategies with upcoming supervisory expectations.

Key Responsibilities:

• Lead DORA readiness assessments for the firm, identifying gaps in tech risk, third-party risk, and incident reporting frameworks.
• Support clients in designing and embedding Tech risk management frameworks.
• Advise on the design and implementation of incident response and reporting mechanisms
• Navigate third-party risk management transformation, including review and remediation of outsource agreements.
• Monitor and interpret regulatory developments, providing practical impact analysis and implementation plans.
• Collaborate with technology, cyber, and compliance teams to uplift digital resilience capabilities.
• Provide input to board-level reporting and resilience self-assessments, ensuring alignment with DORA and other relevant frameworks (e.g. NIS2, EBA GL ICT & Security Risk, PRA SS1/21).
• Support internal training and awareness activities for clients transitioning into the full DORA regime.

Required Experience & Skills:

• Proven experience in operational resilience, Tech risk, or third-party risk management within Financial Services or consulting.
• Strong understanding of DORA, its regulatory obligations, and crossovers with NIS2, EBA/EIOPA/ESMA guidelines, and PRA/FCA expectations.
• Experience working with or advising banks, insurers, asset managers, or payment service providers.
• Familiarity with third-party risk frameworks, resilience testing, and incident handling protocols.
• Ability to interpret and apply regulatory technical standards (RTS/ITS) in a business context.
• Excellent stakeholder engagement skills, with a track record of influencing at senior levels.
• Strong analytical, report-writing, and communication skills.

Desirable:

• Experience with REP018 (Operational Resilience Self-Assessment) and/or REP017 (Outsourcing & TPRM) in UK-regulated entities.
• Knowledge of resilience frameworks such as ISO 22301, NIST, COBIT, or ITIL.
• Consulting or regulatory background is advantageous.