As organizations recognize the importance of adapting business operations to survive disruptive incidents more effectively, a new leadership role has emerged: the chief resilience officer.
Chief resilience officer is a relatively new senior-level executive title and is still evolving. Responsibilities can include business continuity and disaster recovery (BCDR), incident response, cybersecurity, and risk management. The chief resilience officer might also be designated as the lead executive for crisis management activities.
Chief resilience officers must ensure the organization can adapt and improve its operations so that future disruptive events are more effectively mitigated, resulting in minimal damage to the organization and its reputation.
Why create a chief resilience officer role?
Business continuity and disaster recovery traditionally deal with the immediate and short-term consequences of a disruptive event. Business continuity focuses on recovering the business, while DR addresses recovering the technology infrastructure.
Resilience builds on these activities by helping an organization learn from an event and identify ways to better adapt and respond to future occurrences.
Preparing for and responding to disruptive events traditionally has been managed by a wide variety of job titles in an organization. Sometimes the role is part of the IT staff or disaster recovery team. Other times it can be part of administration, risk management, emergency management, human resources or facilities management. In medium to large organizations, the need for a central leadership role for these and related activities has become evident.
It is particularly important that the chief resilience officer is high enough in the organization to have easy access to senior management and the board of directors. Such access has always been a major challenge for disaster recovery teams, which depend on upper management approval for the resources and budget to enact an effective resilience strategy. Establishing a chief resilience officer reinforces the importance of BCDR activities across the entire organization.
Skills and responsibilities of a chief resilience officer
Employees who take on this newly created position can come from different work experiences and academic backgrounds. Chief resilience officers must be able to interact with all levels and departments in an organization, as resilience touches all corners of a business's operations.
While the role is certainly cross-functional in its basic structure, the individual must be able to encourage cooperation and support from everyone so that the company can develop and deploy relevant programs and activities.
The ability to think strategically as well as tactically is a key skill. Chief resilience officers must know their organization's business, how it works, its risk tolerance and potential vulnerabilities, its business goals and competition, and many other attributes.
Risk is a key component of BCDR, resilience, cybersecurity and other related disciplines. An organization that does not currently have a specific risk department might find that the risk function can reside successfully under a chief resilience officer. An important responsibility, from a risk perspective, is to embed risk management practices in virtually all activities the organization performs. The chief resilience officer can serve as the internal risk champion.
Owing to the growing interest in and concern for environmental protection, reducing carbon footprints and achieving carbon-neutral operations, responsibilities might also address the green aspects of an organization.
For example, a chief resilience officer can work with the IT department and facilities management to ensure the organization is using energy-efficient systems and devices. The chief resilience officer can also work across the company to ensure green practices are built into every function.
Paul Kirvan is an independent consultant, IT auditor, and technical writer, editor and educator. He has more than 25 years' experience in business continuity, disaster recovery, security, enterprise risk management, telecom and IT auditing.