Sr. Information Security GRC Specialist
Are you ready to join a growing team that puts a premium on productivity and has an award-winning culture, centered around transforming talented employees into effective business leaders? Then BHG Financial is the place for you. We offer innovative financial solutions to licensed and highly-skilled professionals, representing the best of both traditional lending and fintech, and are looking for passionate, impact players to help take our company to the next level. At BHG, you’ll become immersed in the finance industry—with a variety of loan solutions, credit cards, patient financing, bank programs, and collections services, which have helped BHG become one of the leading providers of finance solutions. With over 20 years in business, we have the stability of an established company with the speed and agility of a startup, where ingenuity and risk-taking are encouraged, and every employee has the opportunity to learn, grow and thrive.
Who You Are
You are a motivated IS professional who is passionate about governance, risk, and compliance (GRC). You excel at producing results and have experience in an audited environment. You are an energetic, highly motivated individual, and thrive in a fast-paced environment where you can assist BHG in meeting its compliance requirements and reducing risk to the BHG brands.
What You'll Do
- Assist in the development, maintenance, and enhancement of the IS GRC Program by collaborating with the overall IS Team as well as multiple BHG stakeholders.
- Serve as a point of contact and subject matter expert for BHG's Business Continuity and Disaster Recovery Program.
- Build relationships with stakeholders, working with them to maintain the BC/DR program to ensure adequate resources and documentation are in place to support recovery efforts.
- Coordinate the testing of BC/DR plans to verify the ability to meet Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
- Assisting in the development and maintenance of IS policies, standards, and procedures.
- Maintaining and reporting IS metrics, at both the detailed and the board level.
- Supporting security awareness training and activities throughout the organization.
- Assisting in developing enterprise and functional team-specific presentations to promote a security mindset.
- Perform IS risk assessments on strategic initiatives and internal systems.
- Support developing remediation plans for issues and risks, coordinate activities with owners, and track remediation to completion.
- Analyzing third parties for adherence to BHG policies and standards.
- Evaluating risks related to policy and standard exceptions.
- Helping respond to customer or other third-party inquiries related to BHG’s IS program.
- Coordinating audits and information gathering for financial audits, SOC 2 examinations, third-party assessments, etc. while ensuring a timely response.
- Performing control assessments against BHG’s control framework.
- Identifying opportunities for automation and process efficiencies and assisting in the implementation of GRC toolsets.
- Collaborating with other BHG teams such as Enterprise Risk Management (ERM), product, Legal, People Development (PD), etc. to ensure BHG is complying with policies, standards, and regulatory requirements.
- Working with the GRC Team to ensure BHG stays abreast of new regulatory, legal, compliance, and security requirements.
- Performing other duties as required.
What You'll Need
- At least four (4) years of proven experience in the IS GRC field or a combination of experience in related disciplines.
- Experience in a BC/DR role, with a solid understanding of planning and testing.
- Bachelor’s Degree, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of IS.
- Possess current or working towards relevant certifications (e.g., CISA, CISM, CRISC, etc.).
- Knowledge of compliance requirements such as FFIEC, PCI, SOX, GLBA, CCPA, etc.
- Knowledge of IS frameworks such as SOC 2, NIST, ISO, FISMA, etc.
- Knowledge of IS risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, NIST 800-30, etc.
- Problem analysis and resolution at both a strategic and functional level.
- The ability to organize and manage multiple priorities.
- Strong documentation skills.
- Excellent interpersonal and communication skills.
- Ability to translate technical requirements to business objectives.