[Hiring] Senior Information Security GRC Specialist @BHG Financial

Role Description

Are you ready to join a growing team that puts a premium on productivity and has an award-winning culture centered around transforming talented employees into effective business leaders? Then BHG Financial is the place for you.

You are an experienced Information Security professional with deep expertise in Business Continuity and Disaster Recovery (BC/DR) and a strong foundation in Governance, Risk, and Compliance (GRC). You operate with a high degree of autonomy, bring a strategic mindset, and are comfortable leading complex initiatives that directly impact business operations and resilience.

You are a trusted advisor who can translate technical and operational risks into business decisions, influence stakeholders across the organization, and drive measurable improvements in BHG’s resilience posture.

What You'll Do

• BC/DR Program Leadership (Primary Focus)
  • Own and lead the enterprise Business Continuity and Disaster Recovery (BC/DR) program, including strategy, governance, and execution.
  • Define and maintain BC/DR frameworks, policies, and standards, including RTO/RPO expectations, system tiering, and recovery strategies.
  • Drive enterprise-wide Business Impact Analysis (BIA) processes to identify critical services, dependencies, and recovery priorities.
  • Establish and oversee BC/DR testing strategy, including scenario design, execution, and continuous improvement of recovery capabilities.
  • Evaluate organizational resilience and identify gaps, risks, and opportunities to improve recovery readiness.
  • Advise leadership on resilience risks, recovery tradeoffs, and business continuity investment priorities.
  • Report on BC/DR readiness and testing outcomes to senior leadership and support board-level reporting.
• Risk & Compliance Integration (Secondary Support)
  • Lead or support risk assessments for critical systems, strategic initiatives, and operational processes.
  • Define and evaluate risk related to policy exceptions, resilience gaps, and third-party dependencies.
  • Partner with Enterprise Risk Management (ERM), Legal, and Technology teams to align BC/DR with broader risk management practices.
  • Evaluate third-party resilience capabilities and ensure alignment with BHG’s recovery expectations.
  • Contribute to the development and evolution of IS policies, standards, and procedures, particularly where they intersect with resilience and operational risk.
• Cross-Functional Leadership & Influence
  • Collaborate with business and technology leaders to embed resilience into operational processes and system design.
  • Influence stakeholders across the organization to meet BC/DR and risk management expectations.
  • Translate technical requirements into business impacts, enabling informed decision-making at all levels.
  • Drive a culture of resilience and security awareness through training, exercises, and communications.
• Continuous Improvement & Program Maturity
  • Identify and implement process improvements, automation opportunities, and tooling enhancements for BC/DR and GRC workflows.
  • Monitor regulatory and industry developments (e.g., FFIEC, GLBA, ISO, NIST) and ensure the BC/DR program evolves accordingly.
  • Define and track program metrics and KPIs to measure resilience maturity and effectiveness.
  • Lead remediation efforts for identified gaps, ensuring accountability and timely completion.

Qualifications

• Experience in a BC/DR role, with a solid understanding of planning and testing.
• Eight (8) years of experience in the IS GRC field or combination of experience and education in related disciplines.
• Bachelor’s Degree, ideally in Computer Engineering, Computer Science, Cybersecurity or Information Systems Management.
• Possess current relevant certifications (e.g., CISA, CISM, CRISC, etc.) or be willing to obtain within 1 year of assignment.
• Familiar with compliance requirements such as FFIEC, PCI, GLBA, CCPA, SOX, etc.
• Familiar with IS frameworks such as SOC 2, NIST, ISO, FISMA, etc.
• Familiar with IS risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, NIST CSF, etc.
• The ability to manage multiple priorities and navigate complex issues.
• Strong documentation skills.
• Excellent interpersonal and communication skills, with the ability to adapt communication style for broader business.
• Ability to analyze information.
• Proficiency in tackling complex challenges.
• Creative problem-solving abilities.
• Ability to translate technical requirements to business objectives.

Requirements

• Travel requirement: All roles require travel during the first 6 months of employment to attend the BHG Oars in Experience. After the initial 6 months, ongoing travel is expected at approximately ~5% annually for periodic team on-sites, team meetings, and cross-functional collaboration.
• Work Authorization: This role is not eligible for employer-provided immigration sponsorship. To be considered, applicants must already possess valid U.S. work authorization that will not require sponsorship now or in the future.

Benefits

• Medical/Rx/Dental/Vision coverage for employees and their eligible family members.
• Competitive PTO and vacation policies.
• 1 Friday off each month for Wellness Weekends.
• Company 401(k) plan with employer contributions after one year.
• Company-sponsored training and certification opportunities.
• Quarterly award ceremonies where top achievers are celebrated and receive additional bonuses.
• Ongoing volunteer opportunities to give back to the community through our BHG Cares program.