AVP, Third Party Cyber Risk Management

AVP, Third Party Cyber Risk Management

City/Cities

Cary

State(s)

North Carolina

Country

United States

Working Schedule

Full-Time

Work Arrangement

Hybrid

Travel Required

10%

Relocation Assistance Available

No

Posted Date

05-Jan-2024

Job ID

1277

Description and Requirements

Job Location: Cary, NC

Role Value Proposition:

MetLife has an exciting opportunity for an experienced third-party risk professional to join our Global Security GRCA (Governance Risk, Compliance and Awareness) team, within the Office of Global Security. This role will be responsible for managing the strategic and operational aspects of the third-party cyber risk program. The role will lead a diverse team of on-shore and off-shore employees who execute the day-to-day activities of assessing risk associated with MetLife's third-party vendor and supplier and partner relationships, as well as managing associated processes, tools, and technology.

This role will be accountable for ensuring Third Party cyber risk is assessed (onboarding due diligence) consistently managed and a robust process is while business requirements are being met.

MetLife is looking for an innovative, collaborative self-starter that embraces challenges and offers creative solutions to integrate into the business workflow driving continuous improvement, providing guidance, oversight, and actionable risk analysis to enable the business to achieve their objectives in a secure manner, while maintaining compliance.

Key Responsibilities:

• Providing leadership and oversight over cyber risk assessment and risk management of third-parties ensuring risk is appropriately assessed

• Identifying opportunities for improving operational effectiveness

• Driving program and tool enhancements

• Deploying the TPCRM globally to ensure standardized and consistent processes are followed.

• Supporting communication and training related to the program and systems to ensure Third-Party Cyber Risk Management (TPCRM) awareness

• Reporting on performance and risk metrics

• Partnering with internal and external auditors, where required

• Partnering with key Risk Partners - Procurement, Vendor Management, Privacy, Business Resiliency, etc.

• Conducting regular program self-assessments

• Partner with legal, compliance, IT, and business to proactively identify and mitigate risk

• Support of potential third party cyber / data related events, as necessary

Essential Business Experience and Technical Skills:

• 3-5 years of experience in third party risk management

• Current working experience building out and leading a Third Party Cyber Risk Management Program

• Demonstrated strong process experience

• Demonstrated ability to change Teams and drive a risk mindset

• Demonstrated ability to hold Teams accountable and drive action

• Experience tracking key metrics for the preparation of key reports and development of executive communications for presentation to governance committees, senior leaders and regulatory bodies

• Experience navigating third-party capability and security discussions to evaluate technical and non-technical security controls

• Experience in supporting third-party cyber incident response activities in partnership with security, legal, or crisis management teams

• Ability to implement third-party risk tracking framework and risk mitigation

• Keep abreast of cyber, information security, technology, and associated trends and risks, as well as an understanding of existing and upcoming regulations

• Be experienced in leading people

• Strong process management and communication skills

• Possess strong written and verbal communication skills, and the ability to adjust communication style for the audience

• Build and maintain effective relationships across the organization

• Effectively manage competing priorities

• Be passionate about their work and supporting customers

Preferred

• Bachelor's degree in Computer Science, information Systems or related field

• 3-5 years of experience working in a risk or control function

• Professional certification: such as CISSP or other relevant industry certification

• Have experience with industry frameworks and regulations (e.g. NIST, PCI, HIPAA)

• Hold a current Risk, IT Security, Technology, or Project Management certification

• Sound knowledge of the industry, particularly within legal, compliance, and other control-focused departments

Benefits We Offer

Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, volunteer time off, tuition assistance and much more!

About MetLife

Recognized on Fortune magazine's list of the 2023 "World's Most Admired Companies" as well as the 2023 Fortune 100 Best Companies to Work For ®, MetLife , through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.

Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by empathy, we're inspired to transform the next century in financial services. At MetLife, it's#AllTogetherPossible (~~~) . Join us!

Equal Employment Opportunity/Disability/Veterans

If you need an accommodation due to a disability, please email us at ~~~. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.

MetLife maintains a drug-free workplace.