Job Information
MetLife Security Consultant - Cyber Regulatory in Cary, North Carolina
Role Value Proposition
This position will assist in strengthening the existing process to ensure MetLife can continue to evaluate, document, assess and maintain compliance with existing and emerging cybersecurity regulations and guidelines.
The position will ensure that cybersecurity regulations and guidelines are monitored, documented and in alignment to the control framework. This role will also interface with Legal, Privacy, Compliance, Risk, Internal Audit, and other business stakeholders to assess implications of cybersecurity regulations. It will also assist in the coordination of responses to ad hoc and periodic compliance and regulatory exams, inquiries, and cybersecurity incident reporting efforts.
The effective execution of this role will enable global stakeholders to understand how local and regional cyber regulatory requirements are managed consistently, monitored regularly, and reported centrally. Communication with senior leadership will be a significant responsibility of this role and the ability to explain potentially complex cybersecurity requirements in a manner that is understandable to all levels is a necessity. Additionally, being able to answer direct questions on larger impacts to the organization will be required. Coordination between this role, IT/IP Legal Counsel, Corporate Compliance and Global Technology & Operations (GTO) functions is essential.
Key Responsibilities:
Monitor and document the cybersecurity regulatory landscape leveraging enterprise repositories (Archer, OpenPages, Power BI and other metrics)
Assist in compliance reporting requirements including:
Quarterly and Annual compliance attestations
Cybersecurity incidents
Manage and maintain the Cybersecurity Regulatory Change Management (RCM) process
Assist in the facilitation of cybersecurity regulatory compliance, external and internal audit activities
Coordinate regulatory requirements to align to the Process, Risk and Control (PRC) Framework
Create and maintain metrics for Cybersecurity regulations and guidelines
Research topics and concerns as they arise to identify a response to proposed regulations
Represent Information Security in emerging regulatory and/or compliance discussions
Essential Business Experience and Technical Skills:
8-10 years of experience in Information Security, IT Audit, Compliance or IT Risk
Prefer 2+ years of experience performing SOX, SSAE18, and/or SOC2 audits or implementing compliance programs such as the NYDFS Cybersecurity regulation.
Experience creating or updating a Process, Risk, and Control Framework in an IT organization with global responsibilities
Experience with industry risk and control standards (ISO, NIST, COBIT, etc.)
Strong verbal and written communication and presentation skills
Ability to challenge and push back in a productive manner as necessary
Effective project management skills to execute multiple separate work streams at one time
CISA and/or CRISC Certification is preferred
Equal Employment Opportunity/Disability/Veterans
If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.