What You'll Do
BC/DR Program Leadership (Primary Focus)
- Own and lead the enterprise Business Continuity and Disaster Recovery (BC/DR) program, including strategy, governance, and execution.
- Define and maintain BC/DR frameworks, policies, and standards, including RTO/RPO expectations, system tiering, and recovery strategies.
- Drive enterprise-wide Business Impact Analysis (BIA) processes to identify critical services, dependencies, and recovery priorities.
- Establish and oversee BC/DR testing strategy, including scenario design, execution, and continuous improvement of recovery capabilities.
- Evaluate organizational resilience and identify gaps, risks, and opportunities to improve recovery readiness.
- Advise leadership on resilience risks, recovery tradeoffs, and business continuity investment priorities.
- Report on BC/DR readiness and testing outcomes to senior leadership and support board-level reporting.
Risk & Compliance Integration (Secondary Support)
- Lead or support risk assessments for critical systems, strategic initiatives, and operational processes.
- Define and evaluate risk related to policy exceptions, resilience gaps, and third-party dependencies.
- Partner with Enterprise Risk Management (ERM), Legal, and Technology teams to align BC/DR with broader risk management practices.
- Evaluate third-party resilience capabilities and ensure alignment with BHG’s recovery expectations.
- Contribute to the development and evolution of IS policies, standards, and procedures, particularly where they intersect with resilience and operational risk.
Cross-Functional Leadership & Influence
- Collaborate with business and technology leaders to embed resilience into operational processes and system design.
- Influence stakeholders across the organization to meet BC/DR and risk management expectations.
- Translate technical requirements into business impacts, enabling informed decision-making at all levels.
- Drive a culture of resilience and security awareness through training, exercises, and communications.
Continuous Improvement & Program Maturity
- Identify and implement process improvements, automation opportunities, and tooling enhancements for BC/DR and GRC workflows.
- Monitor regulatory and industry developments (e.g., FFIEC, GLBA, ISO, NIST) and ensure the BC/DR program evolves accordingly.
- Define and track program metrics and KPIs to measure resilience maturity and effectiveness.
- Lead remediation efforts for identified gaps, ensuring accountability and timely completion.
What You'll Need
- Experience in a BC/DR role, with a solid understanding of planning and testing.
- Eight (8) years of experience in the IS GRC field or a combination of experience and education in related disciplines.
- Bachelor’s Degree, ideally in Computer Engineering, Computer Science, Cybersecurity or Information Systems Management.
- Possess current relevant certifications (e.g., CISA, CISM, CRISC) or be willing to obtain them within 1 year of assignment.
- Familiar with compliance requirements such as FFIEC, PCI, GLBA, CCPA, and SOX.
- Familiar with IS frameworks such as SOC 2, NIST, ISO, and FISMA.
- Familiar with IS risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, and NIST CSF.
- The ability to manage multiple priorities and navigate complex issues.
- Strong documentation skills.