Title: Business Continuity/Disaster Recovery Lead
(Third Party Risk Management)
Term: 1 year, potential to renew
Location: Bergen County, NJ, will transition to fully on-site once permissible
Business Continuity, Disaster Recovery & Third Party Risk Management Lead - This is a senior position requiring the following qualifications:
- 5 to 7 years of IT and business work experience with 2-5 years in a Business Continuity and Disaster Recovery program responsibility role.
- At least 2-5 years of experience working directly with business stakeholders, with a track record of success, and in process engineering.
- Mastery of IT security & privacy risk management concepts, including risk register, SOC2, security controls, risk impact assessment, and risk mitigation.
- College degree in technical field or 10 years of experience.
- Security and Business Continuity certifications a plus.
- Familiarity with OneTrust or similar risk assessment platforms/applications a plus.
- Familiarity with GxP and CFR21 part 11 concepts a plus.
This is a key strategic and operational role in Company’s IT department.
This key role within the company’s IT Security & Compliance organization reports to the head of the group and will work with both IT and business leaders to manage key risks for Company’s Americas business.
Manage the business continuity planning and disaster recovery program. Primary in this responsibility is developing and refining policies and supporting documents that will govern the program. The candidate will work with business and IT leaders to determine application tiering and criticality, conduct BIAs, develop RTO/RPO, and assure capabilities are in place to meet requirements. In addition, the candidate will be responsible for planning and conducting disaster recovery tests.
Additionally, the candidate is responsible for conducting third party assessments and ensuring data shared with or among third parties has requisite security and privacy protections based on data risk. This includes the policy and other documents required to govern the overall process. The candidate will be responsible for executing assessments as well as the strategic planning of how the function can improve and mature over time.
Finally, the candidate may be called upon to perform other roles within the department based upon the needs of the IT group and the overall needs of the business.
The essential functions of this role are:
1. Consults with business leaders and IT project teams as needed.
2. Develops policies and related documentation required to govern assigned roles.
3. Develops and maintains disaster recovery and business continuity plans.
4. Addresses and documents findings from internal audits and issues identified during the conduct of BC/DR testing.
5. Refines third party security assessment process.
6. Conducts third party security assessments in accordance with established process and SLAs.
7. Conducts and validates testing and documentation of disaster recovery and business continuity plans.
8. Works on other information security projects on an as-needed basis.