MetLife

Key Responsibilities: 

• Provides subject matter expertise, strategic direction, and guidance on customer, regulatory, and industry information security requirements and best practices to ensure appropriate controls are evident in the environment. This includes aligning to security control frameworks and guidance such as but not limited to, NIST (800-53, Cybersecurity), ISO, HIPAA, Privacy, and SSAE-18 SOC1 & SOC2. 
• Provides customer assurance by responding to B2B customer security questionnaires, ad hoc inquiries, site visits, contract reviews, and RFPs. Translates security policies, control frameworks, and contractual obligations into business requirements and contract security language. 
• Partners with business, Information Technology, Privacy, Legal, and other areas to ensure policy and minimum-security requirements are represented accurately to customers and regulators.  
• Coordinates and supports inbound Federal and State regulatory inquiries and exams. Supports Internal and External Audits as necessary. 
• Demonstrates advanced understanding of business processes, internal control risk management, IT controls and related security standards.
• Identifies and recommends internal processing and systemic improvements to enhance Customer and Employee experience. Manages critical processes with high visibility to senior management. 

Essential Business Experience and Technical Skills: 

Required:

• 5 plus years' experience in information security, IT audit, compliance, and/or IT disaster recovery required.
• 3 plus years direct experience managing security, IT audits, compliance projects and/or similar processes.
• A high degree of knowledge in Information Security and controls and strong cyber regulatory compliance background.
• Strong technical IT background, understanding of applications, and network architecture.

Preferred:  

• Information Security Governance and Control Framework experience such as NIST, ISO27002, COBIT, PCI, etc. 
• Experience with compliance requirements for HIPAA, PCI, SOX, SSAE-18, etc.
• Experience with software applications such as Archer, ServiceNow, and/or Qvidian.
• Professional certification such as CISA, CISM, GSE, SANS or CISSP strongly preferred.
• Must have strong analytical skills, ability to manage and deliver multiple requests.