Design a Bank-Grade Business Continuity Plan (BCP) for FinTech SaaS with RTO ≤ 15 min, RPO ≤ 30 s

Sep 26, 2025 - Senior

$4,800.00 Fixed

Executive Pain-Point:
You are the CTO of a FinTech processing $600 M in daily payments. Regulators mandate a living BCP that guarantees a 15 min RTO and a 30 s RPO during a region-wide AWS outage. You need documented playbooks, quarterly drills, and board-level evidence, not a generic template.

Senior-Level Outcomes You Will Achieve:

  • RTO ≤ 15 min (money movement resumes).
  • RPO ≤ 30 s (zero transaction loss).
  • ISO-22301 compliant document set.
  • Board-approved drill calendar 12 months ahead.

Deep-Dive Scope I Will Own:

  • Business Impact Analysis (BIA)
    • Workshop with CFO, Head of Risk, Head of Engineering (2 × 2 h).
    • Map critical business functions (payments, settlements, KYC) → MTD, MAD values.
    • Quantify financial exposure: $12 M/hour during peak FX window.
  • Risk Assessment & Scenario Modelling
    • AWS region outage, DNS hijack, ransomware, third-party PSP down.
    • Monte-Carlo simulation → probability × impact matrix.
  • Technical Recovery Architecture
    • Multi-region active-active Aurora Postgres (Global Database).
    • Cross-region ElastiCache Global Datastore for session stickiness.
    • Route 53 ARC zonal shift API → 15 s traffic flip.
    • Stateless micro-services pre-scaled 2× during drill window.
  • Playbook Library (Print-Ready)
    • Incident Response (gold, silver, bronze roles).
    • Communication tree (Twilio call-tree + Signal group).
    • Decision matrix: when to declare major incident vs minor.
  • Drill & Validation
    • Table-top exercise Week-1, functional drill Week-12.
    • Chaos test: simulate Aurora failover → measured RTO = 11 min.
    • Post-mortem + board slide-deck with metrics and lessons.

Enterprise Deliverables:

  • BIA report (40 pages) + executive summary (4 pages).
  • Playbook bundle (incident, communication, decision) PDF + Confluence.
  • Drill evidence: RTO/RPO logs, Chaos experiment JSON, board minutes.
  • ISO-22301 gap-analysis checklist signed by external auditor.
Edvard Wilson