Responsibilities/Job Description:
The Principal Cybersecurity Analyst for Business Continuity Management will lead a team of analysts dedicated to supporting operational departments in the creation, implementation, and maintenance of business continuity plans and related initiatives. This role requires a strategic thinker with deep expertise in disaster preparedness and emergency management, particularly within large healthcare organizations. The analyst will collaborate closely with Enterprise Resiliency leadership and departmental stakeholders to advance the organization’s business continuity capabilities within defined timelines. They will also be responsible for optimizing processes, enhancing reporting frameworks, and evolving the business continuity management system to increase organizational value and drive widespread adoption. The ideal candidate will bring substantial experience in business continuity and emergency management, with a proven track record of building resilient programs that protect organizations during and after disruptive events. Strong leadership, along with exceptional written and verbal communication skills, is essential for success in this role.
Job Expectations:
-
Provide technical leadership to write/review/enhance security policies, standards, methods and/or procedures.
- Lead teams to test and govern Cybersecurity controls and their enforcement at M Health Fairview. Make recommendations and lead response teams to deploy necessary controls and address identified gaps
- Lead tactical and strategic teams to define, collect, analyze and prioritize security requirements based on evolving technical and security needs for the company, indicators of compromise, indicators of anomalous behavior and/or external threat indicators
- Build and enhance security threat models for specific applications and technology areas considering risk, policy, compliance needs.
- Participate in industry forums and relevant technical briefings to understand advancements in Cybersecurity and Risk Management areas, compliance, governance and business continuity management capabilities.
- Apply understanding of various domains of security including authentication, authorization, network security, data, system device and Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
- Analyze risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack
- Lead collaboration work with vendors, health and business partners to ensure security remediation milestones are being met
- Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies or develop compensating control measures
- Lead Red/Blue/Purple teams as needed to test security controls and help improve security posture of M Health Fairview.
- Assist in design, implement, maintain and support current and future complex information security technologies, processes and procedures. Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction.
- May lead complex projects related to security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
- Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
Additional Job Responsibilities:
- Program Strategy & Evolution: Lead efforts to support, maintain, and continuously improve the enterprise resiliency program and its core strategies.
- Team Leadership & Mentorship: Provide guidance and oversight to junior analysts, fostering skill development and effective contributions to the resiliency program.
- Cross-Department Collaboration: Partner with department leaders to promote understanding of enterprise resiliency principles and their implementation.
- Lifecycle Coordination: Organize and facilitate resiliency lifecycle activities, preparing departments for successful Business Continuity (BC) Plan creation.
- Cybersecurity & Emergency Integration: Collaborate with cybersecurity and emergency management teams to align BC plans within the broader resiliency framework.
- Performance Measurement: Support the creation of relevant metrics and KPIs to track the effectiveness and progress of resiliency initiatives.
- Continuous Improvement: Analyze operational feedback and industry trends to propose enhancements that elevate the resilience strategy.
- Industry Monitoring & Compliance: Stay informed on best practices, emerging threats, and regulatory shifts to ensure program adaptability and compliance.
- Workflow Optimization: Participate in regular team meetings to identify process inefficiencies and contribute to workflow improvements.
- On-Site Support: Travel to operational sites to assist leaders with hands-on plan development and implementation guidance.
Required Qualifications
Education
- Bachelor’s degree in Technology, Liberal Arts, Engineering or related disciplines or combination of relevant experience/education.
Experience
- 10+ years of cumulative experience in engineering, development and/or support of IT Systems
- 5+ years of experience in two or more areas of IT Security Risk and Compliance management areas - Risk Management, Disaster Recovery, BCP, Governance, Audit, Security Operations, Policy & Awareness, Security Training & Threat modeling
- Experience building and executing business continuity programs.
- Experience deploying and/or managing tools, methods and processes associated with enterprise resiliency/business continuity.
- Previous experience leading teams.
- Understanding and experience implementing disaster recovery planning or emergency management practices.
- Excellent understanding of fundamentals of IT systems, frameworks, development methodologies, network, firewalls, communication layers, devices/end points, computing environment
- Deeper understanding of Threats, Vulnerabilities, Risk, Cybersecurity frameworks, policies and Cybersecurity standards
- Understanding of Web Applications, software security, security frameworks
- Ability to thrive in a sense-of-urgency environment and leverage best practices
Language & Communication Skills
-
Excellent ability to effectively communicate both verbally and written with all levels within the organization
- Ability to visually represent technical, logical and system interaction concepts and adjust messaging based on the audience, including non-technical groups
- Expertise in use of visual representation tools such as MS Visio Pro, PowerPoint
- Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
- Ability to work well within a team environment, as well as independently
Preferred Qualifications
Experience
- Bachelor’s degree or higher in Computer Science, Computer Engineering, Digital Forensics, Cybersecurity and/or related technical discipline.
- Prior work experience within healthcare organizations
Experience
- Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation
License/Certification/Registration
- Industry specific certifications – Security+, CISSP, CISM, CISA, CBCP ABCP CBCI, CEM, or equivalent business continuity certification
Qualifications: $124176.00-$175323.20 Annua
Linked-in
Google