Business Continuity Planning and Disaster Recovery Analyst

The Business Continuity Planning and Disaster Recovery Analyst role is responsible for assisting in safeguarding the organization’s operations within a healthcare environment. This position focuses on developing, implementing, and maintaining comprehensive business continuity plans (BCP) and disaster recovery (DR) strategies to ensure minimal disruption to critical IT systems, patient care services, and compliance with regulations such as HIPAA and HITECH, laws, and standards such as NIST CSF, 800-53 Rev. 5. By assisting with development of policies, procedures, audits, risk assessments, and coordinating recovery efforts, the specialist helps maintain data integrity, system availability, and organizational resilience against threats like cyber-attacks, natural disasters, or infrastructure failures. This role often involves collaborating with other departments to gather and analyze data, as well as contributing to the preparation of reports and documentation related to BCP / DR activities.

Required Qualifications:

• Associate’s degree and one (1) year of progressively responsible experience in IT or business continuity planning / disaster recovery roles or three (3) years of progressively responsible experience in IT or business continuity planning / disaster recovery roles .

• Familiarity with healthcare IT systems, compliance standards (e.g., HIPAA), risk management frameworks, and tools.
  

Preferred Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Three (3) years of progressively responsible experience in business continuity planning / disaster recovery, or audit focused roles in a healthcare or regulated industry
• CBCP, CBCI, CRISC, ISO 22301 Lead Auditor or equivalent certification.

• Practical experience with DR tools and software (e.g., backup solutions, cloud recovery platforms, etc.). Ability to rapidly learn and adopt new software tools.

• Exposure to healthcare and education security frameworks (NIST, HIPAA, HITRUST, GLBA).

Travel Required

Travel is expected to be between 0% - 20% of the time. Preference is given to locally based resource near Centra Health facilities.

Essential Duties and Responsibilities:

• Develop, implement, and regularly update BCP and DR plans for IT Infrastructure, including data backup, system restoration, and emergency response protocols.

• Assist in conducting business impact assessments (BIA), Continuity of Operations Plan (COOP), and risk assessments to identify vulnerabilities in critical functions, such as electronic health records (EHR) systems, supporting systems, supply chain operations, etc.

• Coordinate and help facilitate testing exercises, including tabletop simulations, full-scale drills, and live recovery tests, to validate plan effectiveness and staff training needs and opportunities.

• Collaborate with cross-functional teams, including IT, clinical operations, compliance officers, to ensure BCP/DR into governance frameworks and ensure alignment with industry standards, regulations, and laws.

• Assist in monitoring threats, such as cybersecurity incidents or pandemics, and update plans to incorporate lessons learned from incidents or audits.

• Participate in the development and maintenance of the organization's risk register related to BCP/DR. Help in tracking and documenting remediation efforts for identified risks.

• Participate in security auditing processes under the guidance of senior staff.

• Support training and awareness programs for staff on business continuity protocols and their roles in maintaining operational awareness.

Other Functions:

• Demonstrate strong analytical and problem-solving skills.

• Show exceptional attention to detail and strong communications skills for training and stakeholder collaboration.

• Effectively communicate with team members to understand and support GRC and BCP/DR initiatives.

• Contribute to third-party risk management by supporting vendor assessments and evaluations. Assist in analyzing the risk associated with new applications and provide input for approvals.

• Review change management reports to aid in identifying potential high-risk work that could lead to system outages.
• Ability to work outside regular business hours to support actual business interruptions.

Supervisory Responsibilities:

None