Sr. GRC Specialist, Information Security

Want more jobs like this?

Get Business Operations jobs that are Remote delivered to your inbox every week.

Get Jobs

Send me The Muse newsletters for the best in career advice and job search tips.

By signing up, you agree to our Terms of Service & Privacy Policy.

What You'll Do

• Coordinate and manage BHG’s SOC 2 Type 2 audit engagement.
• Support the implementation of GRC strategies.
• You will be responsible for assisting with multiple GRC activities, including, but not limited to: Information Security Metrics; Security awareness training; Policies, standards, and procedures; Exceptions to policies and standards; Audit and compliance frameworks (GLBA, FFIEC, PCI, NIST, etc.), such as: User access reviews for applications, databases, and operating systems, as well as control assessments
• Handle risk assessments of systems and third parties, including developing treatment plans
• Ensure the business has business continuity and disaster recovery
• Ability to apply data privacy principles within the framework of GRC
• Develop enterprise and functional team-specific presentations to promote a security mindset.
• Support executive committees by developing agendas, documenting meeting minutes, and maintaining relevant documentation.
• Identify opportunities for automation and process efficiencies and assist with the implementation of GRC toolsets.
• Collaborate with other BHG teams such as Architecture, Infrastructure, Enterprise Risk Management (ERM), Product, Legal, People Development (PD), etc. to ensure BHG is complying with policies, standards, and regulatory requirements.
• Stay abreast of new regulatory, legal, compliance, and security requirements. 
• Collaborate with team members within and outside of GRC.
• Perform other duties as required.

What You'll Need

• Prior experience managing complex audit engagements, such as SOC 2.
• 5+ years of experience in the IS GRC field or a combination of experience and education in related disciplines.
• Bachelor’s Degree, ideally in Computer Engineering, Computer Science, Cybersecurity, or Information Systems Management.
• Possess current relevant certifications (e.g., CISA, CISM, CRISC, etc.) or be willing to obtain within 1 year of assignment.
• Familiar with compliance requirements such as FFIEC, PCI, GLBA, CCPA, SOX, etc.
• Familiar with IS frameworks such as SOC 2, NIST, ISO, FISMA, etc.
• Familiar with IS risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, NIST 800-30, etc.
• The ability to manage multiple priorities and navigate complex issues.
• Strong documentation skills.
• Excellent interpersonal and communication skills.
• Ability to analyze information.
• Proficiency in tackling mid-sized problems.
• Creative problem-solving abilities.