This position will own and evolve the MetLife IT Process, Risk, and Control (PRC) Framework, the central foundational element from which all risk activities are aligned. The position will ensure that risk findings, risk reporting, risk assessments, and other risk activities are in alignment to the PRC as well as update, modify, and improve the PRC to reflect changes in the company, the industry, and to align with company strategy. This role will also interface with Internal Audit and other business stakeholders to facilitate the efficient execution of audits and assessments done within IT.
There is a need from the business to have a consistent and standardized means of reporting and making decisions about IT risk, and the PRC provides the touchstone that allows many groups within the enterprise to speak the same language when it comes to IT. The effective execution of this role will enable global stakeholders to understand how local and regional IT concerns affect them and to discuss these concerns with others throughout the enterprise in a way that reduces confusion and increases efficiency. Communication with senior leadership will be a significant responsibility of this role, and the ability to explain potentially complex IT risks in a manner that is understandable at all levels is a necessity. Additionally, the role will be required to answer direct questions on larger impacts to the organization. Working collaboratively and effectively with off-shore and contractor resources to accomplish these goals is expected. Coordination between this role and the IT Risk Guidance and IT Risk Operations groups is essential.
Implement the Process, Risk and Control (PRC) Framework throughout IT
Assist in the facilitation of compliance, external, and internal audit activities
Update and maintain the PRC based on input from stakeholders and industry trends
Maintain PRC Model within RSA Archer and IBM OpenPages eGRC platforms
Research IT risk topics and concerns as they arise to identify a response aligned to PRC and represent IT Risk Management in emerging regulatory and/or compliance discussions
Essential Business Experience and Technical Skills:
8-10 years of experience in IT Security, IT Audit, or IT Risk, with a preference for 2+ years' experience performing SOX, SSAE18, and/or SOC2 audits or implementing compliance programs such as the NY DFS Cybersecurity Regulation.
Experience creating or updating a Process, Risk, and Control Framework in an IT organization with global responsibilities
Experience with industry risk and control standards (ISO, NIST, COBIT, etc.)
Strong verbal and written communication and presentation skills with the ability to challenge and push back in a productive manner when needed
Effective project management skills to execute multiple separate work streams at one time
CISA and/or CRISC Certification is preferred
Internal Number: 111067
At MetLife, we put customers at the absolute center of everything we do. In fact, we believe technology will transform the customer experience and are investing nearly $300 million in new technologies that will help us innovate and develop new products and services to better serve our customers. We're actively seeking world-class talent for the GTO division, building a diverse, global and highly skilled workforce that is passionate about the same things we are — pushing ourselves to learn and grow, to be efficient, to share experiences and knowledge and to collaborate as a global team.