Who We Are: MetLife Legal Plans is the country's largest provider of legal voluntary benefits. We have more than 40 years of experience in employee legal services and are committed to providing excellent care to our plan members, sponsors and 18,000+ attorneys.
We are trusted by nearly 7 million families and more than 200 Fortune 500 companies who offer our service as an employee benefit.
It's an exciting time to join our team. We are growing quickly and have a bold vision for our future as we evolve our company to dream bigger, move faster, and use creativity and technology to build products people love.
MLP's Core 4:
- Put customers first
- Be the Best
- Make things easier
- Succeed together
This position is fully remote. The ideal candidate can be located anywhere in the continental United States.
The Technology GRC Security Specialist is a professional who holds a role in managing and enhancing MetLife Legal Plans' Technology risk management and security practices. This individual is responsible for overseeing the development, implementation, and continuous improvement of strategies and measures to identify, assess, and mitigate Technology-related risks. The Technology GRC Security Specialist plays a critical role in safeguarding MLP's information assets and ensuring compliance with relevant laws, regulations, and industry standards.
A Technology GRC Security Specialist should possess a strong background in Technology risk management, cybersecurity, and information security. Effective communication skills and the ability to collaborate with various stakeholders are essential for success in this role. Staying informed about industry trends, emerging threats, and changes in regulatory requirements is also crucial.
A day in the life of a GRC Security Specialist at MetLife Legal Plans:
Risk Management Leadership: Leading the development and implementation of MLP's IT risk management framework.
Overseeing risk assessments, identifying potential threats, vulnerabilities, and assessing the impact on IT systems and data.
Security Policy Development: Playing a key role in the development and enforcement of IT security policies, standards, and procedures.
Ensuring that security policies align with industry best practices and regulatory requirements.
Security Architecture and Design: Providing leadership in designing secure IT architectures and solutions.
Collaborating with IT teams to ensure that security is integrated into system and application designs.
Security Awareness and Training: Developing and delivering security awareness and training programs for employees.
Promoting a culture of security awareness throughout MLP.
Incident Response Leadership: Leading the development and implementation of incident response plans.
Coordinating response efforts in the event of security incidents, breaches, or vulnerabilities.
Compliance Oversight: Ensuring that IT systems and practices comply with relevant laws, regulations, and industry standards.
Conducting regular audits to verify compliance and addressing any identified issues.
Security Technology Evaluation: Evaluating and selecting security technologies, tools, and solutions.
Keeping abreast of emerging cybersecurity technologies and recommending their adoption.
Collaboration with IT Teams: Collaborating with IT teams, including network security, application security, and system administrators.
Providing guidance on security best practices and ensuring the implementation of security controls.
Security Risk Communication: Effectively communicating security risks, strategies, and mitigation plans to executive leadership and relevant stakeholders.
Translating technical security concepts into business-oriented language.
Questionnaire Review: Analyzing security questionnaires received from Sponsors or third-party vendors.
Evaluating responses to assess the security controls, practices, and policies in place.
Guiding auditors through MLP's IT environment, including systems, networks, and security measures.
Managing and organizing audit-related documentation, ensuring accuracy and completeness.
Addressing queries and concerns raised by auditors during the audit process.
Collaborating with internal teams to resolve issues promptly and efficiently.
Contract Negotiation: Leading contract negotiations with Sponsors.
Ensuring that contracts include appropriate terms, conditions, and service level agreements.
Collaborating with legal and procurement teams to finalize contractual agreements.
Continuous Improvement: Driving continuous improvement initiatives within the IT risk and security program.
Conducting lessons learned sessions and adapting strategies based on evolving threats and technologies.
Position Requirements:
5+ years of IT GRC & Security experience required
Bachelor's degree in computer science or related field highly preferred
Technical security certifications highly preferred
Prior experience leading and coaching a team highly preferred
Travel: Occasional travel may be required. 10% or less expected.
Note: This job description in no way states or implies that these are the only duties to be performed by the associate in this position. Associates will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbent will possess the skills, aptitude and ability to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at-will" relationship.