Business Continuity 2LOD Oversight Manager

The role:

The Business Continuity & Disaster Recovery (DR) Oversight Manager is responsible for governing SoFi's Business Continuity and Disaster Recovery programs as part of the  Independent Risk Management (2LOD) function. This position provides oversight of business impact analyses (BIA), business continuity plans (BCP), and disaster recovery testing programs to ensure they meet enterprise standards. As a risk leader, you will continuously evolve the BC/DR programs to improve resiliency across SoFi’s cloud-native infrastructure (AWS/GCP), protecting our people, assets, and reputation.

What you’ll do:

• Policy Governance: Own, develop, and maintain the enterprise-wide Business Continuity and Disaster Recovery policies and standards, ensuring they remain aligned with evolving regulatory requirements and industry best practices.
• 1LOD Oversight: Provide independent oversight to the First Line of Defense (1LOD) to ensure their BCP/DR plans, business impact analyses (BIAs), and testing exercises adhere to established standards and address business risk.
• RTO & Dependency Alignment: Evaluate Recovery Time Objectives (RTOs) to ensure they are realistic and aligned with SoFi’s critical dependencies, including cloud infrastructure (AWS/GCP), key servicing partners, and third-party vendors.
• Risk Reporting: Design and monitor Key Risk Indicators (KRIs) and performance metrics to provide the management committees and senior management with a transparent view of the firm's resiliency posture.
• Testing & Validation: Validate 1LOD disaster recovery testing and tabletop exercises, ensuring that "failover" capabilities are proven and that "lessons learned" are formally remediated.
• Regulatory & Audit Liaison: Serve as  point of contact for internal audit and regulatory examinations regarding BC/DR oversight, ensuring all evidence of 2LOD supervision is documented and defensible.
• Emerging Threat Assessment: Monitor the external threat landscape (e.g., cyber-resiliency, climate risk) to ensure SoFi’s framework stays ahead of potential disruptions to business operations.
• Credible Challenge Execution: Actively evaluate and provide constructive "credible challenge" to the First Line (1LOD) and business units regarding their recovery strategies, ensuring that RTOs and test results meet enterprise standards 
• Mitigation Verification: Assess and confirm the adequacy of the First Line’s (1LOD) risk mitigation strategies for complex dependencies, focusing on the potential for widespread service impacts during a cloud or partner outage.

What you’ll need:

• Bachelor’s degree in risk management, business administration or related field/discipline such as, but not limited to emergency management and/or business continuity.

• 5+ years of experience in Business Continuity, Disaster Recovery, or Operational Risk, specifically within a Second Line of Defense (2LOD) or Internal Audit capacity.
• Understanding of FinTech or Financial Services regulatory landscapes (e.g., FFIEC, OCC, Federal Reserve guidelines) as they relate to resilience and third-party risk.
• Proven experience overseeing BC/DR in cloud-native environments (e.g., AWS, GCP) and an understanding of high-availability architectures (Active-Active vs. Active-Passive).
• Demonstrated track record of drafting, implementing, and enforcing enterprise-level BC/DR policies an