DORA testing Program Manager
DORA Program Manager
The goal of the mission is to build the DORA testing program within Belgium by augmenting the test initiatives that are already in place.
Draft the yearly Digital Operational Resilience Testing Program for:
ICT Business continuity plans testing
ICT Response & Recovery plans testing
Crisis Communication plans testing
Vulnerability Assessments and Scans (including Scanning Software Solutions)
Network Security Assessments
Source code reviews
Open source analysis
Scenario Based Testing
Compatibility testing
Performance testing
Penetration testing
Physical Security Reviews
Take the following into account when scoping the program:
The Entities' own circumstances, notably the criticality of the Entity's ICT and information assets and the criticality of the services provided.
The Entities' specific risks to which they might be exposed, as well as the evolving landscape of ICT risk, in cooperation with the risk department.
Requirements
Define sound governance for the program, with roles & responsibilities.
The Digital Operational Resilience Testing Program should be formalized, maintained and reviewed, as it is considered an integral part of complying with DORA's Chapter II concerning ICT risk management.
Define a reporting channel to senior management on the results of the testing (at least yearly, but ideally more often).
Make sure the appropriate testing frequency is taken into account in the program (based on the overarching testing guidelines of AXA Group and the critical application supporting a CIF (Critical or Important Function)).
Get approval for the yearly program from top management (e.g. board of directors).
Dutch and/or French required.
2 days a week on site.