Key skills
Business ContinuityDisaster RecoveryOperational ResilienceBusiness Impact AnalysisRecovery PlanningDependency MappingResilience TestingRemediation TrackingISO 22301NIST FrameworksFFIEC GuidanceCloud Infrastructure ResilienceIncident Response CoordinationVendor Recovery PlanningAudit SupportRegulatory ComplianceProgram GovernanceExecutive ReportingCBCP CertificationCISSP CertificationCISM CertificationCRISC CertificationAIRisk Management
About this role
Upstart is a leading AI lending marketplace focused on reducing the cost and complexity of borrowing for Americans. They are seeking a Principal Program Manager for Business Continuity & Disaster Recovery to lead their program, ensuring operational resilience and effective response to disruptive events by collaborating with various teams within the organization.
Responsibilities:
- Lead the enterprise business continuity and disaster recovery program strategy, execution, governance, and ongoing maturity efforts
- Own and mature the business impact analysis process, including critical business process identification, dependency mapping, ownership assignment, risk-rating methodology, and recovery strategy development
- Develop and maintain business continuity plans, disaster recovery plans, crisis management processes, and supporting documentation for critical business and technology functions
- Drive cross-functional execution across Technology, Security, Office Operations, Vendor Management, Enterprise Risk Management, Compliance, and business process owners to ensure continuity and recovery plans are actionable, tested, and maintained
- Coordinate disaster recovery exercises, tabletop tests, remediation tracking, and evidence collection to improve organizational preparedness and support audit or regulatory expectations
- Maintain and improve program repositories, workflows, and reporting, including business impact analysis records, recovery plans, testing evidence, program metrics, and remediation status
Requirements:
- Bachelor's degree in Information Security, Computer Science, Business, Risk Management, or a related field, or equivalent practical experience, plus 8 years of experience in business continuity, disaster recovery, operational resilience, information security, risk management, or program management
- 8+ years of experience leading or materially maturing business continuity, disaster recovery, or operational resilience programs
- Experience designing or maturing business continuity, disaster recovery, or operational resilience programs in a bank, fintech, lending, or other regulated financial services environment
- Experience conducting business impact analyses, recovery planning, dependency mapping, resilience testing, and remediation tracking
- Experience implementing or operating against business continuity, disaster recovery, or operational resilience frameworks or standards such as ISO 22301, NIST, FFIEC, or equivalent regulatory guidance
- Knowledge of technology resilience concepts, including cloud infrastructure resilience, service outages, incident response coordination, system dependencies, and vendor recovery planning
- Experience supporting audits, regulatory reviews, or compliance initiatives related to business continuity, disaster recovery, or operational resilience
- Skilled in developing scalable operational processes, program governance models, documentation repositories, and executive-level reporting
- Ability to communicate resilience risks, recovery strategies, and program priorities to technical and non-technical stakeholders
- Professional certifications such as CBCP, CISSP, CISM, CRISC, or related business continuity, security, or risk certifications