Senior GRC Specialist, Information Security

BHG Financial

📍Remote - Worldwide

Summary

Join BHG Financial, a growing company with an award-winning culture focused on developing employees into business leaders. We offer leading-edge financial solutions and personalized concierge service to high-earning professionals and businesses. As an Information Security Professional, you will coordinate and manage SOC 2 audits, implement GRC strategies, and handle risk assessments. You will collaborate with various teams to ensure compliance and develop presentations to promote a security mindset. BHG Financial values work/life balance and offers numerous benefits, including comprehensive health insurance, competitive PTO, wellness initiatives, and professional development opportunities.

Requirements

  • Prior experience managing complex audit engagements, such as SOC 2
  • 5+ years of experience in the IS GRC field or a combination of experience and education in related disciplines
  • Bachelor’s Degree, ideally in Computer Engineering, Computer Science, Cybersecurity, or Information Systems Management
  • Possess current relevant certifications (e.g., CISA, CISM, CRISC, etc.) or be willing to obtain within 1 year of assignment
  • Familiar with compliance requirements such as FFIEC, PCI, GLBA, CCPA, SOX, etc.
  • Familiar with IS frameworks such as SOC 2, NIST, ISO, FISMA, etc.
  • Familiar with IS risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, NIST 800-30, etc
  • The ability to manage multiple priorities and navigate complex issues
  • Strong documentation skills
  • Excellent interpersonal and communication skills
  • Ability to analyze information
  • Proficiency in tackling mid-sized problems
  • Creative problem-solving abilities

Responsibilities

  • Coordinate and manage BHG’s SOC 2 Type 2 audit engagement
  • Support the implementation of GRC strategies
  • Assist with multiple GRC activities, including, but not limited to:
      • Information Security metrics
      • Security awareness training
      • Policies, standards, and procedures
      • Exceptions to policies and standards
      • Audit and compliance frameworks (GLBA, FFIEC, PCI, NIST, etc.), including user access reviews for applications, databases, and operating systems, as well as control assessments
  • Handle risk assessments of systems and third parties, including developing treatment plans
  • Ensure business continuity and disaster recovery plans are in place and maintained
  • Apply data privacy principles within the framework of GRC
  • Develop enterprise and functional team-specific presentations to promote a security mindset
  • Support executive committees by developing agendas, documenting meeting minutes, and maintaining relevant documentation
  • Identify opportunities for automation and process efficiencies and assist with the implementation of GRC toolsets
  • Collaborate with other BHG teams such as Architecture, Infrastructure, Enterprise Risk Management (ERM), Product, Legal, People Development (PD), etc. to ensure BHG is complying with policies, standards, and regulatory requirements
  • Stay abreast of new regulatory, legal, compliance, and security requirements
  • Collaborate with team members within and outside of GRC
  • Perform other duties as required

Benefits

  • Medical/Rx/Dental/Vision coverage for employees and their eligible family members
  • Competitive PTO and vacation policies
  • 1 Friday off each month for Wellness Weekends
  • Company 401(k) plan with employer contributions after one year
  • Company-sponsored training and certification opportunities
  • Quarterly award ceremonies where top achievers are celebrated and receive additional bonuses
  • Ongoing volunteer opportunities to give back to the community through our BHG Cares program
