Security Analyst III

Description

The Senior Security Analyst is a key member of the Information Security department and reports to the Chief Information Security Officer and is responsible for strengthening organizational resilience and ensuring the confidentiality, integrity, and availability of mission‑critical systems and data. This role leads the planning, execution, and maintenance of the company’s Business Continuity and Disaster Recovery (BC/DR) program, while also providing subject‑matter expertise in data protection, security controls, risk assessments, and incident preparedness.

The ideal candidate is a proactive analyst with strong technical depth, exceptional communication skills, and the ability to collaborate across Security, IT, Operations, Product, and Executive Leadership to ensure resilient, secure, and compliant business operations.

• Lead the design, development, implementation, and continuous improvement of the enterprise BC/DR strategy.
• Conduct Business Impact Analyses (BIAs) to identify critical business functions, system dependencies, RTO/RPO targets, and potential single points of failure.
• Orchestrate, develop and/or maintain organizational continuity plans, emergency response procedures, DR runbooks, and crisis‑management playbooks.
• Facilitate annual BC/DR tabletop exercises, failover tests, and scenario‑based simulations; document results and ensure corrective actions are completed.
• Partner with Technology Operations, Product Engineering, and Application Owners to validate backup, replication, failover, and data‑recovery capabilities.
• Track and report BC/DR program maturity, risk posture, readiness, and compliance to security leadership and executive stakeholders.
• Support vendor continuity assessments to ensure third‑party resilience aligns with organizational expectations.

• Develop and enforce data-security standards for data classification, handling, retention, encryption, backup, and destruction.
• Oversee the implementation and validation of controls that protect data at rest, in transit, and in use across cloud platforms, endpoints, applications, and SaaS services.
• Conduct technical assessments to evaluate data‑flow risks, exposure points, and adherence to regulatory or contractual requirements (HIPAA, PCI, GDPR, etc., as applicable).
• Work with engineering and IT teams to improve data‑loss prevention (DLP), access control, monitoring, logging, and detection capabilities.
• Support secure architecture reviews of new systems or integrations, with emphasis on data‑security requirements.

• Participate in security incident response, particularly in incidents involving data exposure, system outages, or operational disruption.
• Monitor and analyze security events, vulnerabilities, and threat intelligence with relevance to BC/DR and data‑security posture.
• Lead or support internal and external audits related to business continuity, cybersecurity controls, and data protection.
• Provide risk mitigation recommendations, security requirements, and technical guidance to cross‑functional teams.
• Maintain detailed, accurate documentation for policies, standards, runbooks, testing logs, and security assessments.

• Partner with Legal, Compliance, Technology Operations, and Product Engineering to ensure BC/DR and data‑security practices align with organizational, regulatory, and customer expectations.
• Contribute to the continuous evolution of security governance, metrics, dashboards, and reporting.

• Bachelor’s degree in Information Security, Information Technology, Computer Science, or related field; or equivalent experience.
• 8+ years of experience in information security, IT risk, business continuity, disaster recovery, or cyber resilience roles.
• Hands‑on experience developing and testing BC/DR plans, BIAs, and crisis‑management procedures.
• Strong knowledge of data security principles, including encryption, access management, secure configuration, logging/monitoring, and DLP.
• Familiarity with cloud environments (AWS or Azure) and their native resilience/security features.
• Experience supporting incident response and conducting post‑incident reviews.
• Working knowledge of security frameworks and standards such as NIST CSF, CIS, SOC 2, HITRUST, GDPR, and others.
• Excellent analytical skills with the ability to assess complex technical systems and articulate risks clearly.
• Strong communication and documentation abilities, with experience preparing reports for technical and executive audiences.
• Relevant certifications such as CBCP, MBCI, ISO 22301 Lead Implementer/Auditor, CISSP, CISM, CRISC, or CCSK.
• Experience working in regulated industries (healthcare, financial services, government, etc.).