Staff Cybersecurity Analyst, Resilience and Disaster Recovery

About Rivian Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract. As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations. Role Summary We are seeking an experienced disaster recovery professional to develop and implement a comprehensive operational resilience and disaster recovery program across the company. This role will be responsible for establishing the disaster recovery framework, related policies and procedures, and ensure business continuity and minimize disruption in the event of incidents or disasters. In this role, you will develop the program; executing strategy, perform business impact analyses of critical apps, help critical system owners develop their DR plans, and help coordinate the testing of those plans, and maintain DR governance documents. Responsibilities Program Leadership & Governance Lead the Disaster Recovery (DR) program, defining long-term strategy and roadmap for Rivian's resilience. Own and refine DR governance, standards, and templates (policy, DRP templates, test work plans) across cloud, on-prem, and SaaS. Partner with Business Continuity leaders to align BC and DR strategies, including shared BIA, criticality tiers, and recovery thresholds. Planning, BIA & Critical Application Coverage Lead Business Impact Analyses for critical applications and services, establishing and maintaining RTO/RPO targets. Maintain the inventory of critical assets and map them to DR requirements and tiers. Lead development of the Rivian IT DR Plan and support system owners in designing application-level plans, including backup, recovery, and failover/failback strategies. Execution, Testing & Training Coordinate and lead tabletop, functional, and live DR tests; document scenarios, success criteria, and after-action reports, ensuring remediation is owned and tracked. Partner with Cybersecurity, Incident Response, and IT Operations to design and test cyber-disaster scenarios (e.g., ransomware, major data loss) that exercise both IR and DR playbooks. Develop and deliver DR training for system owners, IT responders, and business stakeholders. Monitoring, Metrics & Continuous Improvement Define, track, and report DR KPIs and KRIs (RTO/RPO adherence, plan coverage, test success rates, corrective-action closure) to Cybersecurity leadership, Cyber SteerCo, and audit forums. Analyze test results, incidents, and audit findings to identify resilience gaps; prioritize remediation and update DR strategies, runbooks, and architectures. Third-Party & Platform Resilience Lead vendor and third-party DR engagement (DRaaS providers, backup platforms, critical SaaS), including reviewing/negotiating DR-relevant SLAs and validating vendor capabilities. Partner with backup, cloud, and infrastructure teams to ensure DR patterns (immutable backups, multi-region failover) are designed, documented, and tested for critical workloads. Qualifications 7+ years of experience in disaster recovery, operational resilience, or business continuity, including hands-on work with DR planning, testing, and recovery events; exposure to cybersecurity, IT risk, or GRC preferred. Strong understanding of IT infrastructure and cloud platforms, including data backup and recovery for both on-prem and cloud-based solutions. Demonstrated experience leading BIAs, RTO/RPO definition, and DR testing for complex, distributed application portfolios. Proven ability to influence and collaborate cross-functionally with IT, Cybersecurity, Business Continuity, Procurement, Legal, and business owners. Excellent communication skills, with the ability to explain technical DR concepts and trade-offs to non-technical audiences and executive stakeholders. Strong analytical and problem-solving skills, able to prioritize and execute multiple initiatives in a fast-paced environment. Preferred Qualifications & Certifications Experience working in joint-venture or multi-party environments and with ISO 27001-aligned ISMS or similar frameworks. Familiarity with GenAI / automation to streamline DR reporting, testing orchestration, and evidence collection. Relevant certifications such as CBCP (Certified Business Continuity Professional), CBRITP (Certified Business Resilience and IT Professional), CISSP, AWS Certified Solutions Architect, or similar. Education Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Data/Analytics, or a related technical field, or equivalent practical experience. Pay Disclosure The salary range for this role is $140,800 to $186,500 for California based applicants. This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee’s position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, geographic location, shift, and organizational needs. The successful candidate may be eligible for annual performance bonus and equity awards. We offer a comprehensive package of benefits for full-time and part-time employees, their spouse or domestic partner, and children up to age 26, including but not limited to paid vacation, paid sick leave, and a competitive portfolio of insurance benefits including life, medical, dental, vision, short-term disability insurance, and long-term disability insurance to eligible employees. You may also have the opportunity to participate in Rivian’s 401(k) Plan and Employee Stock Purchase Program if you meet certain eligibility requirements. Full-time employee coverage is effective on their first day of employment. Part-time employee coverage is effective the first of the month following 90 days of employment. More information about benefits is available at rivianbenefits.com. You can apply for this role through careers.rivian.com (or through internal-careers-rivian.icims.com if you are a current employee). This job is not expected to be closed any sooner than 1/23/26. Equal Opportunity Rivian is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law. Rivian is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at candidateaccommodations@rivian.com. Candidate Data Privacy Rivian may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) recordkeeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law. Rivian may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian affiliates; and (iii) Rivian’s service providers, including providers of background checks, staffing services, and cloud services. Rivian may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, the United Kingdom, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions. Please note that we are currently not accepting applications from third party application services. Program Leadership & Governance Lead the Disaster Recovery (DR) program, defining long-term strategy and roadmap for Rivian's resilience. Own and refine DR governance, standards, and templates (policy, DRP templates, test work plans) across cloud, on-prem, and SaaS. Partner with Business Continuity leaders to align BC and DR strategies, including shared BIA, criticality tiers, and recovery thresholds. Planning, BIA & Critical Application Coverage Lead Business Impact Analyses for critical applications and services, establishing and maintaining RTO/RPO targets. Maintain the inventory of critical assets and map them to DR requirements and tiers. Lead development of the Rivian IT DR Plan and support system owners in designing application-level plans, including backup, recovery, and failover/failback strategies. Execution, Testing & Training Coordinate and lead tabletop, functional, and live DR tests; document scenarios, success criteria, and after-action reports, ensuring remediation is owned and tracked. Partner with Cybersecurity, Incident Response, and IT Operations to design and test cyber-disaster scenarios (e.g., ransomware, major data loss) that exercise both IR and DR playbooks. Develop and deliver DR training for system owners, IT responders, and business stakeholders. Monitoring, Metrics & Continuous Improvement Define, track, and report DR KPIs and KRIs (RTO/RPO adherence, plan coverage, test success rates, corrective-action closure) to Cybersecurity leadership, Cyber SteerCo, and audit forums. Analyze test results, incidents, and audit findings to identify resilience gaps; prioritize remediation and update DR strategies, runbooks, and architectures. Third-Party & Platform Resilience Lead vendor and third-party DR engagement (DRaaS providers, backup platforms, critical SaaS), including reviewing/negotiating DR-relevant SLAs and validating vendor capabilities. Partner with backup, cloud, and infrastructure teams to ensure DR patterns (immutable backups, multi-region failover) are designed, documented, and tested for critical workloads. 7+ years of experience in disaster recovery, operational resilience, or business continuity, including hands-on work with DR planning, testing, and recovery events; exposure to cybersecurity, IT risk, or GRC preferred. Strong understanding of IT infrastructure and cloud platforms, including data backup and recovery for both on-prem and cloud-based solutions. Demonstrated experience leading BIAs, RTO/RPO definition, and DR testing for complex, distributed application portfolios. Proven ability to influence and collaborate cross-functionally with IT, Cybersecurity, Business Continuity, Procurement, Legal, and business owners. Excellent communication skills, with the ability to explain technical DR concepts and trade-offs to non-technical audiences and executive stakeholders. Strong analytical and problem-solving skills, able to prioritize and execute multiple initiatives in a fast-paced environment. Preferred Qualifications & Certifications Experience working in joint-venture or multi-party environments and with ISO 27001-aligned ISMS or similar frameworks. Familiarity with GenAI / automation to streamline DR reporting, testing orchestration, and evidence collection. Relevant certifications such as CBCP (Certified Business Continuity Professional), CBRITP (Certified Business Resilience and IT Professional), CISSP, AWS Certified Solutions Architect, or similar. Education Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Data/Analytics, or a related technical field, or equivalent practical experience.