Senior Information Security GRC Specialist

3 weeks ago
Full-time
Senior
Cybersecurity
BHG Financial

BHG Financial is a pioneering financial company that specializes in providing innovative solutions for business professionals, consumers, and financial institutions nationwide. With a focus on technology, analytics, and exceptional service, BHG offers ...

Diversified Financial Services
1K-5K
Founded 2001

Description

  • Own and lead the enterprise Business Continuity and Disaster Recovery (BC/DR) program, including strategy, governance, and execution.
  • Define and maintain BC/DR frameworks, policies, standards, recovery objectives, system tiering, and recovery strategies.
  • Drive enterprise-wide Business Impact Analysis (BIA) processes to identify critical services, dependencies, and recovery priorities.
  • Establish and oversee BC/DR testing strategy, including scenario design, execution, and continuous improvement of recovery capabilities.
  • Evaluate organizational resilience and identify gaps, risks, and opportunities to improve recovery readiness.
  • Advise leadership on resilience risks, recovery tradeoffs, and business continuity investment priorities.
  • Report on BC/DR readiness and testing outcomes to senior leadership and support board-level reporting.
  • Lead or support risk assessments for critical systems, strategic initiatives, and operational processes.
  • Partner with Enterprise Risk Management, Legal, and Technology teams to align BC/DR with broader risk management practices.
  • Drive a culture of resilience and security awareness through training, exercises, and communications.

Requirements

  • 8 years of experience in the Information Security GRC field, or a combination of relevant experience and education.
  • Experience in a BC/DR role with a solid understanding of planning and testing.
  • Bachelor’s degree, ideally in Computer Engineering, Computer Science, Cybersecurity, or Information Systems Management.
  • Current relevant certifications such as CISA, CISM, or CRISC, or willingness to obtain one within 1 year of assignment.
  • Familiarity with compliance requirements such as FFIEC, PCI, GLBA, CCPA, and SOX.
  • Familiarity with information security frameworks such as SOC 2, NIST, ISO, and FISMA.
  • Familiarity with risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, and NIST CSF.
  • Strong documentation, interpersonal, and communication skills with the ability to adapt communication for business stakeholders.
  • Ability to manage multiple priorities, analyze information, and solve complex problems creatively.
  • Valid U.S. work authorization is required, and the role is not eligible for employer-sponsored immigration.
  • Travel required during the first 6 months, with ongoing travel of approximately 5% annually thereafter.

Benefits

  • Medical, prescription, dental, and vision coverage for employees and eligible family members.
  • Competitive PTO and vacation policies.
  • One Friday off each month for Wellness Weekends.
  • Company 401(k) plan with employer contributions after one year.
  • Company-sponsored training and certification opportunities.
  • Quarterly award ceremonies with additional bonuses for top achievers.
  • Ongoing volunteer opportunities through the BHG Cares program.
