MetLife

Role Value Proposition

• We are looking for a manager of Third-Party Cyber Risk Management Team for the leading life insurance company based in Tokyo.
• This position leads the Third-Party Cyber Risk Management Team which is a critical function in Information Security Group to assess the information security risks and controls of the third-party suppliers as well as agencies we partner with.
• The successful candidate will lead by example through hands-on involvement in daily operations, drive project activities and propose practical solutions to enhance risk management practices.
• The role also involves promoting our Information Security programs by working closely with IT, control functions, and relevant business units to ensure alignment and effectiveness.

Responsibilities

• Lead the Third-Party Cyber Risk Management Team in conducting effective information security risk assessments of third-party suppliers and partner agencies to safeguard the company’s and customer’s personal information and confidential data.
• Oversee the progress of third parties in implementing identified risk remediation plans and ensure timely resolution.
• Facilitate smooth communication with suppliers, agencies, and relevant internal stakeholders.
• Promote cybersecurity awareness and knowledge among suppliers and agencies by collaborating with relevant internal stakeholders.
• Maintain and update information security policies to meet evolving regulatory requirements and internal standards.
• Coordinate incident response activities related to cyber incidents involving third parties, working closely with internal response teams. 
• Monitor regulatory changes and industry trends related to cybersecurity and personal information protection, and assess their implication to recommend appropriate measures.

Requirements

• Minimum of 5 years of hands-on experience in Information Security or IT Audit, including at least 2 years in a people management role.
• Strong knowledge of IT infrastructure, cybersecurity, technology trends, and relevant regulations.
• Proven ability to prepare accurate reports for diverse audiences, deliver effective presentations, and lead meetings. 
• Ability to communicate effectively with global counterparts access regions and time zones.
• Demonstrated willingness to learn new IT technologies and achieve goals in Information Security.

Preferred Experience:

• Experience in business application development or IT Infrastructures hardening.
• Experience working in a global or cross-regional team environment.
• Interest in broader risk management domains including IT risk governance.
• Hands-on experience with cloud security, data protection, and incident response.
• Familiarity with regulatory and industry standards such as NIST CSF, PCI DSS, and FISC.
• Professional certifications in information security such as CISSP, CISM, CISA or equivalent are considered a plus.

Language: