GCI's Enterprise Resiliency Services Specialist II through management of a corporate-wide enterprise resiliency program, enable the business to operate securely, protect its people, defend its assets, and preserve shareholder value. Supports the design, development, maintenance, and validation of the overall Business Continuity/Disaster Recovery (BC/DR) plans for each critical functional area, system and application of the organization, and a corporate crisis management plan. Responsible for the day-to-day development, review, validation, and remediation of corporate-wide enterprise resiliency program elements.

ESSENTIAL DUTIES AND RESPONSIBILITIES AT ALL LEVELS:

Planning/Analysis/Validating

Business Continuity/Disaster Recovery/Crisis Management Planning:

• Develop and maintain Business Continuity/Disaster Recovery/Crisis Management policies, procedures, and standards in coordination with GCI departments.

• Maintain a current knowledge of applicable laws, regulations, and internal policy and procedure.

• Monitor industry regulatory environment for impact on enterprise resiliency programs and changes to business continuity and disaster recovery standards.

• Regularly review policies, standards, and procedures to ensure compliance with laws and regulations and implement any needed changes, in coordination with GCI Legal department.

• Develop departmental work instructions as well as training for departmental activities.

Business Impact Analysis:

• Organize and conduct interviews and walkthroughs with department business process owners.

• Identify resources required, dependencies, and interdependencies.

• Identify opportunities for business-as-usual resilience improvements in processes and systems.

• Perform critical analysis to determine the priority of business functions within business units and across the enterprise.

• Perform analysis and collaborate with business stakeholders to identify reasonable recovery targets.

Business Continuity/Disaster Recovery/Crisis Management Planning and Validating:

• Develop and maintain models, templates, instructions, and guidance for the development of departmental business continuity plans, system and application disaster recovery plans, and a corporate crisis management plan.

• Support the organization as a subject matter expert in business continuity planning, disaster recovery planning, crisis management, and plan validating.

• Facilitate the validating of departmental business continuity plans, and system and application recovery plans. Perform after-action and post exercise reviews and identify improvement opportunities and lessons learned.

Risk Assessment

• Manage business resilience risk identification, mitigation, and exception/acceptance processes, including risk reporting through enterprise risk management system.

• Support the organization as a subject matter expert in assessing business resilience risk both internally and externally.

• Test to identify possible control weaknesses in departments and functions and other operational areas, recommending changes to minimize those weaknesses.

• Draft recommendations to communicate control performance results and regulatory findings to management in an efficient, timely and concise manner.

• Facilitate and ensure successful completion of various audits, including but not limited to ISO, SOX, PCI, SOC2, etc.

Administration & Operations

• Support business resilience initiatives and assessments, including responses to client security organization audits, questionnaires regarding business resilience.

• Provide continuity and recovery training to GCI departments.

• Prepare reporting packages and highlight potential resilience risks for review.

• Perform resilience risk assessments and audits.

• Prepare routine, special, or ad hoc reports. Identify metrics that fall outside of resilience risk tolerances and escalate within department.

• Work with department stakeholders to implement changes and continually monitor resilience controls that are put in place.

• Develop action plans from audits to mitigate resilience risk potential within departments and throughout the organization.

• Maintain dashboards, SLAs, KPIs relating to the resilience of processes and programs.

• Other resiliency program related tasks as assigned.

  COMPETENCIES:

• Demonstrated commitment to GCI’s Basic Principles, Mission Statement, Declaration of Principles and diversity, equity, and inclusion (DEI) by promoting and maintaining an inclusive and equitable work environment for all employees and contractors, and in interactions with customers, vendors, and the general public.

• ACCOUNTABILITY- Takes ownership for actions, decisions, and results; openly accepts feedback and demonstrates a willingness to improve.

• BASIC PRINCIPLES - Interacts with people in a way that builds mutual trust, confidence, and respect; adheres to GCI’s Code of Conduct for Employees – the Basic Principles.

• COLLABORATION - Works effectively with others to accomplish common goals and objectives; maintains positive relationships even under difficult circumstances.

• Ability to develop and maintain productive relationships and interact professionally with a diverse group of executives, managers, subject matter experts, and peers across the enterprise.

• Ability to work and coordinate with multi-team environments, including program managers, business analysts, IT analysts, and other resilience, security, and privacy professionals.

• COMMUNICATION- Conveys thoughts and expresses ideas appropriately and professionally.

• Ability to accurately read, write, and respond to routine business correspondence such as emails, chat messages, policies, procedures, reports.

• Ability to accurately communicate information virtually and in-person in a clear and concise manner to a range of audiences.

• Demonstrated ability to discuss complex technical details with extended support staff and translate into non-technical communication.

• Ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives.

• COMPLIANCE - Follows internal controls; protects confidential information; abides by GCI’s Code of Business Conduct & Ethics.

• At all times is a model example of the company’s values, principles, ethics, and code of conduct.

• Is a model example of integrity and trustworthiness, honors the confidentiality of information entrusted to them.

• Promotes, and fosters the mission statement for the Enterprise Security Office.

• CUSTOMER FOCUS - Demonstrates commitment to service excellence; gives high priority to customer satisfaction.

• Strong customer/client focus with the ability to manage expectations appropriately, provide superior customer/client experience, and build long-term relationships.

• RELIABILITY - Consistently follows through on assigned tasks as expected; demonstrates timely attendance at meetings, training, and other work obligations.

• Ability to work independently under minimal supervision while handling multiple projects with changing priorities and deadlines.

• RESULTS - Uses a combination of job knowledge, initiative, sound decision making, innovation, adaptability, and problem solving.

• Experience with the current business continuity and disaster recovery practices.

• Experience with performing business impact analysis and risk assessments.

• In-depth understanding and working knowledge of business continuity planning and life cycle processes.

• Strong analytical skills to analyze resilience requirements and relate them to appropriate resilience controls.

• Excellent organizational, planning and time management skills.

• SAFETY & SECURITY - Supports a safe work environment by following all workplace safety rules and guidelines; complies with applicable Security policies and procedures.

• Proficient computer skills and MS Office knowledge (e.g., Outlook, Teams, Word, Excel) to complete job duties effectively.

• Experience with GRC software preferred.

Level Definition

Position Title: Enterprise Resiliency Services Specialist II

Grade: E05

Additional Job Requirements:

This is an intermediate level position within the ERS role. Conducts more complex work assignments under moderate supervision. Participates in the development and maintenance of the company’s enterprise resiliency program. Performs periodic validations to ensure effectiveness. Coordinates training and restoration of operations to ensure successful execution of business recovery processes and procedures. Plays a critical role in responding to business interruptions and coordinating recovery efforts.

• Mentor and train junior members and teams.

• Improve and enhance daily operational procedures, tasks, and controls.

• Create and implement business resilience controls, procedures, and tools to ensure business resilience against current and emerging security threats/risks.

• Define standards and rules for business resilience systems and applications, including policy assessment and compliance tools.

• Receive and review audit findings, manage the collection of responses and remediation plans.

• Train and educate staff in business continuity and disaster recovery programs.

Minimum Qualifications:

Required: *A combination of relevant work experience and/or education sufficient to perform the duties of the job may substitute to meet the total years required on a year-for-year basis

• High School diploma or equivalent.

• Bachelor’s degree in business, computer science, technology, business continuity management or related field. *

• Minimum of four (4) years of experience in business continuity/disaster recovery/crisis management planning, enterprise resilience, or related role. *

• Including a minimum of two (2) years involving facilitating business impact analysis’, business continuity/disaster recovery/crisis management plan development and validating, compliance, risk assessment, risk management, policy development, plan development, or information technology systems.

Preferred:

• Certification from an industry certifying institution, such as, the BCI and/or DRII.

• Other applicable IT, Information Security and Compliance related Certifications.

• Telecommunications experience.

  Required at ALL Levels

DRIVING REQUIREMENTS:

• This position requires driving a company-owned vehicle, company provided vehicle, or a personal vehicle on behalf of the company. Must possess and maintain a valid driver’s license, proof of insurance, a satisfactory driving record, and successfully complete Defensive Driving course.

  PHYSICAL REQUIREMENTS and WORKING CONDITIONS:

• Work is primarily sedentary, requiring daily routine computer usage.

• Some travel required, such as between retail store locations, offices, worksites, or other locations as needed.

• Ability to work shifts as assigned, work in standard office/home office setting, and operate standard office equipment.

• Ability to accurately communicate information and ideas to others effectively.

• Physical agility and effort sufficient to perform job duties safely and effectively.

• Ability to make valid judgments and decisions.

• Available to work additional time on weekends, holidays, before or after normal work hours when necessary.

• Must work well in a team environment and be able to work with a diverse group of people and customers.

• Virtual workers must comply with remote work policies and agreements.

  The company and its subsidiaries operate in a 24/7 environment providing critical services to Alaskans and may need to respond to public health and safety matters or other business emergencies. Due to business needs employees may be contacted outside of the core business hours to respond to the immediate emergency. As such, you will be requested to provide emergency after hours contact numbers, to include your home and cell phone numbers if you have those services.

  EEO: GCI is an equal opportunity employer. Qualified applicants are considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, marital status, mental or physical disability, veteran status, or any other status or classification protected under applicable state or federal law.

  DISCLAIMER: The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.