<p>Overview</p> <p>The Resilience & Risk Manager leads the company's Business Continuity & Operational Resilience Program, ensuring critical services remain available during disruptions and that information security risks stay within defined tolerances. This role partners with business leaders, IT teams, and Information Security team members to strengthen resilience, security, and regulatory compliance across processes, technology, and third-party relationships. You will be highly capable of creating sound and comprehensive documentation, and reports for senior management to demonstrate the posture and effectiveness of the program, as well as offer additional recommendations to further enhance the program ensuring information security risk is within defined tolerances and company appetite. You will ensures alignment with FFIEC, NYDFS Part 500, GLBA, SOX, and industry frameworks such as ISO 22301 and NIST.</p> <p>Responsibilities</p> <ul> <li> <p>Own and manage the enterprise-wide Business Continuity & Operational Resilience Program, including governance and reporting to senior leadership and risk committees.</p> </li><li> <p>Coordinate and lead Disaster Recovery planning, annual testing, and scenario-based exercises, including post-mortem reviews and continuous improvement.</p> </li><li> <p>Conduct Business Impact Assessments (BIAs) and impact tolerance assessments for critical services, mapping dependencies across people, processes, technology, and third parties.</p> </li><li> <p>Develop and maintain crisis communication plans and ensure readiness for regulatory reporting during major incidents.</p> </li><li> <p>Align resilience strategies with regulatory requirements and industry standards (FFIEC, NY DFS, ISO 22301, NIST CSF).</p> </li><li> <p>Produce audit-ready documentation, metrics, and KPIs demonstrating program effectiveness and maturity.</p> </li><li> <p>Collaborate with Third-Party Risk Management to assess vendor resilience & risk.</p> </li><li> <p>Review technology architecture and design for resilience controls, integration dependencies, and cyber resilience measures.</p> </li><li> <p>Integrate threat intelligence and emerging risk analysis (cloud, AI, geopolitical) into resilience planning.</p> </li><li> <p>Support InfoSec governance activities and system administration for resilience and risk tracking.</p> </li><li> <p>Participate in incident response, regulatory reporting, and executive-level crisis management.</p> </li><li> <p>Promote awareness through training sessions, tabletop exercises, and education initiatives.</p> </li><li> <p>Maintain expertise in operational resilience trends, regulatory changes, and best practices.</p> </li></ul> <p>Qualifications</p> <ul> <li> <p>Bachelor's degree in Computer Science, Information Systems, or related field.</p> </li><li> <p>7+ years in IT and/or Information Security; 3+ years in financial services.</p> </li><li> <p>Hands-on experience with Business Continuity, Disaster Recovery, and Operational Resilience programs.</p> </li><li> <p>Strong understanding of information security risk analysis, banking systems, and regulatory frameworks.</p> </li></ul> <p>Preferred Qualifications:</p> <ul> <li> <p>Certifications: CISSP, CISM, CBCP, ISO 22301 Lead Implementer, Security+, PMP.</p> </li><li> <p>Experience with GRC platforms (LogicGate), cyber resilience planning, and regulatory exam preparation.</p> </li></ul> <p>Benefits</p> <ul> <li>Medical </li><li>Dental </li><li>Vision </li><li>401(k) Match </li><li>Profit Sharing </li><li>Paid Time Off </li><li>11 Holidays </li><li>Tuition Reimbursement </li><li>Free Parking throughout Tompkins Community Bank </li><li>Employee Referrals </li></ul> <p>EEO Statement</p> <p>Tompkins is committed to a policy of Equal Employment Opportunity ("EEO") with respect to all team members and applicants for employment and a work environment free from discrimination (including unlawful harassment) based on race, color, religion, sex, sexual orientation, transgender status, gender non-conformity, gender identity, gender expression, national origin, age, marital status, domestic violence victim status, disability, predisposing genetic characteristics, military or veteran status or status in any group protected by federal, state, or local law.</p> <p>For more information, please click here</p> <p>#communitybank</p> <p>Pay Range</p> <p>USD $103,000.00 - USD $125,000.00 /Yr.</p>