Responsible for planning, implementing, managing and coordinating all aspects of Emory’s enterprise-wide disaster recovery program which spans both university and healthcare lines of business, including the direct management and supervision of associated staff. Serves as the primary subject matter expert for IT disaster recovery within the institution. Collaborates closely with key IT and business stakeholders to develop, implement, and test disaster recovery plans and procedures. Ensures alignment with Emory’s Business Continuity and Critical Event Preparedness and Response programs. Develops and maintains disaster recovery policies, procedures, guidance and training and monitor adherence to disaster recovery requirements. Develops and maintains a central repository of disaster recovery documentation, artifacts, plans, test results, and other information necessary to effectively recover from adverse events.
Develops disaster recovery governance processes. Provides regular executive level reporting on the status of the disaster recovery program. Identifies, implements, and maintains appropriate information technologies to facilitate management of the disaster recovery program. Plays a lead/coordinating role in the recovery of systems in response to actual adverse events. Stays informed of current state of the art disaster recovery and business continuity best practices. Maintains situational awareness of the latest security threats and vulnerabilities and those most likely to lead to adverse events. Other responsibilities as assigned.
Certifications that are most relevant for this position include:
- CBRITP - Certified Business Resilience IT Professional
- CBRM – Certified Business Resilience Manager
- DRCP – Disaster Recovery Certified Planner
- DRCS – Disaster Recovery Certified Specialist
- DRCE – Disaster Recovery Certified Expert
- EDRP – EC-Councli’s Disaster Recovery Professional
- Technical design, implementation, maintenance, and strategic thought-leadership responsibilities for multiple information security disciplines such as security policy, awareness and education, risk management, incident response, vulnerability management, intrusion detection and prevention, regulatory compliance, and security operations.
- Drafts and reviews information security policies, processes, and procedures. Prepares information security awareness and education materials and other documentation.
- Determines and documents information security requirements and controls necessary for the protection of information resources. Implements and administers plans, processes, and procedures necessary to ensure compliance.
- Supervises other information security professionals and acts as a senior consultant to internal and external stakeholders or auditors as well as senior management.
- Provides guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations.
- Oversees information security incident response activities, risk assessment and risk management activities, and vulnerability assessment and vulnerability management activities spanning multiple business units.
- Manages detailed network, operating system, database, and application vulnerability assessments and security configuration audits.
- Manages information security projects and initiatives.
- Oversees operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, virus prevention and remediation, encryption, network segmentation, remote access and authentication.
- Supports, maintains, monitors, troubleshoots and enhances security infrastructure tools, methodologies, software, and hardware. Independently develops automated tools and methodologies in support of Information Security functions.
- Analyzes data from Information Security functions and provides reports and recommended response actions to Information Security management.
- Represents Information Security to other organizations on information security related matters, as assigned.
- Publishes regular status reports and submits to management.
- Performs related responsibilities as required.
- A Bachelor's degree and seven years of related IT experience including demonstrated technical expertise in multiple information security domains, project management skills and lead or supervisory experience or an equivalent combination of education, training and experience.
- Excellent project management and team participation skills.
- Good written and verbal communication skills.
- Strongly preferred qualifications include: knowledge of information security technologies, methodologies, and practices in security policy, standards, and best practices; security awareness; security incident response; risk assessment and management; vulnerability assessment and management; intrusion detection and prevention; system administration (Windows, OS X, Linux, Solaris, etc.); auditing and security administration of network, operating system, database and application security; access control; encryption; firewalls and proxies; networking; security event log analysis; virus prevention and remediation; and programming/scripting.
- Security certifications are a plus (e.g. SANS/GIAC, CISSP, CISA, CISM).
- Expert level knowledge of disaster recovery practices and methodologies
- Experience developing and testing disaster recovery plans and procedures
- Excellent collaboration skills
- Excellent understanding of disaster recovery related compliance requirements
- Experience creating and delivering training content
- Understanding of key business continuity concepts
- Excellent organization, attention to detail, and documentation skills
- Excellent written and verbal communication skills are critical to the success of this position
- Experience establishing interdepartmental relationships
- Prior staff management or project management experience
- Prior incident or crisis management experience
NOTE: This role will be granted the opportunity to work from home temporarily during the COVID-19 pandemic, with intent to return to an Emory University location in the future. Emory reserves the right to change this status with notice to employee.