Senior Cyber Security Analyst – Governance (Disaster Recovery, Business Impact)

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, Business Continuity, or a related field (or equivalent experience).
• 4–6 years of experience in cybersecurity governance, IT risk management, disaster recovery, business continuity, or technology audit.
• Experience governing or assessing BIAs, disaster recovery planning, recovery testing, and issue remediation.
• Working knowledge of disaster recovery and resilience frameworks such as ISO 22301 and NIST SP 800-34.
• Strong analytical, documentation, and stakeholder communication skills.

Nice To Haves

• Experience in a large, complex, or regulated enterprise environment.
• Familiarity with GRC tools, risk registers, or audit management platforms.
• Relevant certifications (preferred but not required): CBCP, CISA, CRISC, CISSP.

Responsibilities

• Govern execution of the enterprise disaster recovery framework to ensure recoverability expectations are defined, implemented, and sustained for in-scope systems.
• Apply and enforce disaster recovery governance standards, processes, and controls across the organization.
• Maintain oversight of disaster recovery scope, critical system classifications, recovery objectives, and assurance requirements.
• Govern the completion and ongoing maintenance of Business Impact Analyses (BIAs) to identify critical applications, recovery objectives, and system dependencies.
• Review and challenge BIAs for quality, consistency, and alignment with enterprise resilience requirements.
• Ensure BIAs remain current and reflect changes in business operations, technology, and risk.
• Provide governance oversight of periodic disaster recovery simulations, tabletop exercises, and recovery tests.
• Evaluate testing outcomes to assess the organization’s ability to recover systems within defined recovery objectives.
• Identify testing gaps, trends, and weaknesses, and recommend improvements to testing practices.
• Maintain oversight of disaster recovery–related risks, findings, and corrective action plans.
• Ensure issues identified through BIAs, testing, or audits are documented, assigned, tracked, and remediated.
• Monitor remediation progress and escalate risks or delays as appropriate.
• Support internal and external audits related to disaster recovery by coordinating evidence and preparing governance documentation.
• Ensure disaster recovery governance activities are audit-ready and defensible.
• Drive continuous improvement by identifying recurring issues and recommending process or control enhancements.
• Provide guidance and consultation to application owners on disaster recovery planning and alignment with enterprise standards.
• Act as an escalation point for complex disaster recovery planning or governance issues.
• Collaborate with IT, infrastructure, cloud, and business continuity teams to promote consistent implementation of disaster recovery requirements.