Senior Operational Risk Analyst (Tech Resilience)

About The Position

Requirements

• Bachelor’s degree in Information Technology, Risk Management, Business, or equivalent combination of training, education and experience.
• Experience in highly regulated industries (finance, healthcare, critical infrastructure) or large distributed enterprise environments.
• Experience in technology, IT operations, architecture, business continuity, disaster recovery or technology risk
• Strong understanding of application, infrastructure, and data architectures and dependencies, and how they support service resilience and recovery during disruptions
• Experience assessing third ‑ party business continuity and disaster recovery capabilities
• Knowledge of risk and resilience frameworks: FFIEC, ISO 22301, NIST SP 800-34, ISO 27001
• Ability to translate technical concepts into business impact and risk language
• Advanced organizational, planning, and time management skills

Nice To Haves

• Master’s Degree in a related field or an equivalent combination of training, education, and experience that provided exposure to or management of ORM-related risk domains.
• Experience with cloud platforms (AWS, Azure, GCP) and related resiliency tooling (replication, multi-region architectures, backup automation.
• Relevant field certifications such as MBCP, CBCP, CCRP, CRISC, CISM, SRE, Certified Solutions Architect (AWS, Azure), etc.
• Experience in Financial Services, First, Second, and/or Third Line Risk Management

Responsibilities

• Support the development, maintenance, and continuous improvement of the Technology Resiliency framework within the broader Business Continuity and Business Resiliency program.
• Provide independent second‑line oversight and challenge of technology resiliency practices, including IT disaster recovery plans, technology continuity strategies, and recovery testing activities executed by first‑line teams.
• Identify and assess technology resiliency risks, including operational, design, and process deficiencies, and determine improvement opportunities aligned to business and regulatory expectations.
• Translate enterprise resiliency principles into clear, risk‑based guidance to promote consistent application across technology teams while allowing flexibility based on system criticality and architecture.
• Assess alignment between business‑defined recovery expectations and technology capabilities by reviewing critical services and their supporting applications, infrastructure, data, and third‑party dependencies.
• Review and challenge technology recovery and resilience strategies, including disaster recovery, high availability, backup, and failover solutions, to identify single points of failure, concentration risks, and architectural weaknesses that could impact service availability, continuity, or recoverability.
• Provide risk‑based recommendations that balance resiliency outcomes with cost, complexity, and operational feasibility.
• Review, challenge, and validate the results of technology recovery testing and resilience exercises, and escalate material gaps where recovery capabilities do not meet business needs.
• As part of Third Party Risk Management, perform assessments of third‑party services, evaluating vendor recovery strategies, testing evidence, dependency transparency, and alignment to enterprise resiliency requirements.
• Provide leadership with clear, risk-based insights into the organization’s overall technology resiliency posture, including emerging risks, trends, and areas requiring escalation or remediation.
• Assist in drafting and maintaining Technology Resiliency governance directives, and partner with senior leaders to socialize, vet, publish, and monitor adherence across the organization.