Analyst Sr, Risk & Compliance; Business Continuity Lead

Summary of Job Description

This position will be primarily responsible for the management of the Technology Organization’s (TO) Business Continuity Program including the TO Crisis Management process. This position will also serve in a secondary role of supporting the TO Risk Profile. This position will be a member of the Technology Risk and Compliance team within Technology Services, reporting to the Technology Risk and Compliance Manager.

The Risk and Compliance team manages multiple compliance programs and provides risk management services to members of TO. The position is based in Birmingham at APC headquarters or Atlanta at GPC headquarters.

• Lead and evolve the TO Business Continuity Program in alignment with the Southern Company Business Assurance Council charter.

• Partner with teams across the Technology Organization to annually update the Business Continuity Plan (BCP) and identify gaps.

• Develop and lead the annual schedule for exercising and testing the BCP to ensure validity, track improvements, and drive action plans.

• Review and update the plan following organizational changes or after activation during a disruptive event.

• Implement structures enabling an effective and proportional response to major disruptions.

• Facilitate execution of business continuity plans during actual events in partnership with TO Leadership, including the CITO.

• Present Business Continuity Program status updates to executive leadership.

• Evaluate recovery strategies with critical activity owners to ensure recovery objectives can be met within required time frames.

• Provide training to personnel responsible for executing business continuity roles.

• Conduct workshops to build broad organizational awareness of continuity plans.

• Coordinate program activities with the Enterprise Risk Management Organization and Enterprise Resilience Team.

• Maintain the organizational Business Impact Analysis (BIA) in collaboration with the Enterprise Resilience Team.

• Develop, maintain, and oversee the TO Crisis Management Process, integrating multiple related plans such as the TO Business Continuity Plan, Storm Plan/Logistics Process, Disaster Recovery Plan, Critical Situation (Crit Sit) Process, and Cyber Security Incident Response Plan.

• Establish and maintain clear governance for the crisis management process.

• Develop and oversee a comprehensive, holistic crisis management framework for the Technology Organization.

• Partner with other plan owners to ensure clear communication channels during plan activation.

• Support TO crisis management execution during real‑world events as needed.

• Lead testing efforts for the Crisis Management process in coordination with related organizational plans.

• Coordinate communications with TO and operating company IST teams during events.

• Review Crisis Management Program status with executive leadership and organizational management.

• Communicate the overall crisis management approach and clarify roles of related plans for participants and stakeholders.

• Maintain the TO Business Impact Analysis (BIA) to drive crisis management recovery priorities.

Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.

Industry certifications including but not limited to:

• ABCP (Associate Business Continuity Professional)

• CBCP (Certified Business Continuity Professional)

• CDRE (Certified Disaster Recovery Engineer)

• CFCP (Certified Functional Continuity Professional)

• MBCP (Master Business Continuity Professional)

• CMCS (Crisis Management Certified Specialist)

Prior experience in disaster recovery, business continuity or crisis management

• Disaster Recovery

• Business Continuity

• Crisis Management

• Governance/Risk and Compliance

• Experience creating, implementing, maintaining and monitoring policies, standards, procedures, programs, plans and processes

• Experience in maintaining a Business Continuity / Disaster Recovery / Crisis Management program and deliverables

• Understands the basic tenants of enterprise risk management (threat management, vulnerability management, and risk treatment).

• Extremely detail oriented while working in a fast-paced environment

• Strong oral and written communication skills with ability to communicate effectively at all levels

• Strong interpersonal skills to effectively interact with several departments, auditors, and management

• Capable of understanding complex technical information

• Strong analytical skills

• Positive attitude, team player & creative problem-solving skills

• Effective time management skill and good business judgment

• Able to multi-task and prioritize multiple projects simultaneously

• Proficiency with computer skills including Microsoft Suite products (MS Word, Excel, PowerPoint) required

• Ability to balance…