IT Business Continuity and Resiliency Analyst

AbbVie•North Chicago, IL

About The Position

The Business Continuity and Resilience Consultant is responsible for evaluating both third-party suppliers and AbbVie applications to ensure they meet established business continuity, disaster recovery, and operational resilience standards. This role combines external dependency risk assessment with internal application impact analysis to support informed resiliency decisions across the enterprise. The position partners closely with Application Business Owners, IT Service Owners, Enterprise Third-Party Risk Management, Procurement and other cross-functional stakeholders to ensure business impact tolerance, recovery expectations, and continuity requirements are clearly understood, documented, and addressed through appropriate mitigation strategies.

Requirements

Bachelor’s Degree with 6 years’ relevant experience; Master’s Degree with 5 years’ relevant experience; PhD with 0 years’ experience required.
Familiarity with hybrid, cloud, and SaaS application architectures.
Translate BIA and supplier assessment findings into clear, concise, decision-ready risk statements for leadership and governance audiences.
Support audits, regulatory inquiries, and evidence requests by producing accurate, defensible, and well-documented assessment materials.
Collaborate with incident management, disaster recovery, and service continuity teams to ensure BIA and supplier risk insights inform response planning and recovery decision-making.
Contribute to the ongoing improvement of BIA methodology, assessment standards, templates, and guidance materials.
Monitor trends, issues, and recurring gaps across assessments to identify opportunities for process improvement and resilience enhancement.

Nice To Haves

Experience in Business Continuity, Disaster Recovery, Operational Resilience, Application Impact Assessments, or Third-Party Risk Management.
Experience with tools such as ProcessUnity, Coupa, ServiceNow, Microsoft O365.
CBCP or equivalent continuity/resilience certification.

Responsibilities

Supplier Business Continuity & Disaster Recovery Assessment: Review supplier contracts, master service agreements, and related documentation to confirm business continuity and disaster recovery requirements are risk-based, measurable, and aligned to the criticality of services provided.
Evaluate the continuity and recovery capabilities of critical third-party suppliers, including resilience posture, recovery objectives, and dependency management.
Identify, document, and communicate continuity, concentration, and operational risks introduced through third-party services.
Serve as a subject matter expert on business continuity and disaster recovery matters during risk reviews, governance forums, and stakeholder discussions.
Partner with Enterprise Third-Party Risk Management, Information Security Risk Management, Procurement, and business stakeholders to support remediation planning and risk acceptance decisions.
Communicate the potential operational, regulatory, financial, and business impacts of unresolved or accepted supplier continuity risks.
Participate in governance and risk alignment meetings to ensure third-party continuity risks are properly escalated, tracked, and addressed.
Application Business Impact Analysis (BIA): Perform application Business Impact Analyses (BIAs) to assess operational, financial, regulatory, patient safety, and reputational impacts resulting from application disruption or outage.
Partner with Application Owners and business stakeholders to: Identify critical business processes supported by each application, Define impact tolerances and recovery expectations, Establish recovery time objective (RTO), recovery point objective (RPO), and maximum tolerable disruption (MTD) assumptions, Document, validate, and maintain BIA results in approved systems of record.
Use BIA outputs to support disaster recovery strategy alignment and resiliency planning for hybrid, cloud, and software-as-a-service environments.
Support periodic BIA refresh cycles, recertification activities, and governance reviews in accordance with IT business continuity policy and related standards.
Risk Management, Reporting & Governance: Translate BIA and supplier assessment findings into clear, concise, decision-ready risk statements for leadership and governance audiences.
Support audits, regulatory inquiries, and evidence requests by producing accurate, defensible, and well-documented assessment materials.
Collaborate with incident management, disaster recovery, and service continuity teams to ensure BIA and supplier risk insights inform response planning and recovery decision-making.
Contribute to the ongoing improvement of BIA methodology, assessment standards, templates, and guidance materials.
Monitor trends, issues, and recurring gaps across assessments to identify opportunities for process improvement and resilience enhancement.
Track and report key service continuity metrics, including supplier SLA performance, recovery commitments, open remediation items, and BIA completion/recertification status, to support governance, escalation, and continuous improvement.
Identify opportunities to leverage AI and automation to improve the efficiency, consistency, and scalability of continuity assessments, reporting, documentation, and workflow management.