Cyber Resilience Analyst

10 Month Fixed-Term Contract

We are looking for a Resilience Analyst to act as the custodian of the organisation's Cyber Resilience Framework, playing a critical role in managing the integrity and keeping up to date the data and documentation that underpins ITV's resilience and recovery programme. With the Cyber Resilience Manager, you will maintain the central Resilience Risk Register, ensure all Recovery Plans are current, and support the execution of resilience rehearsals and exercises. Acting as a vital bridge between Cyber Security and Technical teams, you will ensure documented procedures accurately reflect real-world system configurations and operational environments. This is a detail-oriented, coordination-heavy role requiring strong follow-through, resilience domain knowledge and the confidence to challenge where technical details do not align with business plans.

This role sits within ITV's Cyber Security team, who are responsible for protecting ITV's technology estate, supporting the business in managing cyber risk effectively, and ensuring our security processes, policies and controls remain robust, proportionate and aligned to ITV's risk appetite.

Responsibilities

• Resilience Framework & Risk Register: Own the daily management of the Resilience Framework, maintaining the Resilience Register as the single source of truth, ensuring all Critical Services in business plans are accurately mapped to servers, applications and third-party vendors, and partnering with Enterprise Architecture to keep records current in relevant platforms.
• Vendor Database Management: Maintain critical vendor contacts and perform periodic checks to verify emergency contact details remain valid and operational.
• Plan & Documentation Management: Manage version control and distribution of all Workaround Plans and Technical Runbooks, ensuring the latest approved versions are accessible to relevant stakeholders and remain aligned to live system configurations.
• Readiness & Crisis Preparation: Manage readiness status of crisis documentation, distribute relevant plans ahead of exercises or incidents, and ensure no required information is missing or outdated.
• Break Glass Administration: Audit and track privileged or emergency access to systems (including out-of-band access), monitor testing status, and proactively follow up with non-compliant users.
• Exercise Support: Act as official Scribe during Tabletop Exercises, logging decisions, tracking timelines and recording lessons identified in real time.
• Remediation Tracking: Own and manage the Remediation Tracker following exercises or audits, proactively chasing updates from owners and reporting progress to the Head of Security Risk.
• Resilience Reporting: Aggregate data on testing status, plan currency and vendor risks to produce the monthly Resilience Dashboard for leadership review.

Skills you’ll need (minimum criteria)

• At least 2-3 years’ experience within the Cyber Resilience, IT Recovery or Disaster Recovery space, with demonstrable exposure to recovery planning, resilience testing or incident recovery processes.
• Experience working within a Cyber Security or Technology team supporting incident management, recovery planning and ongoing risk management processes.
• Knowledge of cybersecurity frameworks and standards, ideally with familiarity of ISO 22301, NIST or similar resilience-focused frameworks.
• Good understanding of threats, vulnerabilities and risk management principles within operational and technology environments.
• Experience maintaining risk registers, recovery documentation or resilience frameworks with strong attention to detail and version control discipline.

Other things we’re looking for (key criteria)

• Professional certification or relevant experience in Cyber Risk or Resilience.
• Familiarity with collaboration tools such as Jira, Confluence and Slack.
• Previous involvement in Business Continuity planning or Incident Management.