MetLife

We are experts and globally recognized leaders in insurance. With more than 150 years of experience, we deliver best‑in‑class life insurance, annuities, and benefits programs to over 90 million customers in 50 countries. In Mexico, we are the #1 personal insurer in the country, protecting more than 10 million policyholders.

We are looking for an IT Risk & Audit Specialist to help us build a more confident future for Mexican families.

Role Purpose

Strengthen MetLife Mexico’s technology and cybersecurity risk posture through robust risk identification, control oversight, risk inventory management, and coordination of local and global audits. This role connects security, technology, and compliance, enabling a resilient, trustworthy, and future‑ready operation.

We are looking for people who:

• Build the future, innovate, and act with urgency—anticipating risks, enhancing controls, and reinforcing cybersecurity resilience.
• Win together, collaborating closely with Information Security, Technology, Risk, and Audit teams, valuing diverse perspectives and fostering inclusion.
• Own it, taking responsibility for evidence quality, control accuracy, issue remediation, and timely delivery of results.

RESPONSIBILITIES & ACCOUNTABILITIES

• Lead the remediation and closure of technology and cybersecurity risk findings.
• Prepare clear, defensible, and audit‑ready documentation and evidence packages.
• Monitor control effectiveness through periodic testing and performance tracking.
• Manage the IT/Cyber risk inventory (PRC) in alignment with global standards.
• Develop actionable risk metrics and executive updates for the CISO and senior leadership committees.
• Coordinate internal and external audits, walkthroughs, interviews, and third‑party security questionnaires.
• Drive continuous improvement of the organization’s security, control, and compliance environment.

REQUIREMENTS & QUALIFICATIONS

• Advanced English proficiency (≥80%) to support audits, interviews, and client/third‑party assessments.
• Strong understanding of risk and control frameworks such as NIST, ISO 27001, COBIT.
• Experience with GRC platforms (OpenPages, ServiceNow GRC) to document risks, evidence, and remediation efforts.
• Strong communication, follow‑up discipline, and the ability to influence IT stakeholders.
• Analytical, detail‑oriented mindset with a strong focus on risk prioritization.

Preferred Competencies

• 3+ years of experience in IT/cyber risk, controls, or audit coordination.
• Advanced experience with GRC tools and evidence management.
• High ownership, strong stakeholder management, and the ability to drive actions to completion.
• CISA certification (preferred).

At MetLife, we are committed to fostering diversity among all colleagues, ensuring nondiscriminatory treatment regardless of race, gender identity or expression, sexual orientation, religion, age, nationality, marital status, disability, or economic condition. We do not require HIV or pregnancy tests as a condition for employment, permanence, or advancement, and we promote equal employment opportunities.