Cybersecurity GRC Specialist - fully remote role anywhere in the U.S.
The Cybersecurity GRC Specialist is responsible for managing and strengthening MetLife Legal Plans' Technology Governance, Risk, and Compliance (GRC) program. This role helps ensure the organization effectively identifies, assesses, and mitigates technology and cybersecurity risks while maintaining compliance with regulatory requirements, industry standards, and internal policies.
This individual plays a key role in protecting MetLife Legal Plans' information assets by developing and maintaining risk management frameworks, overseeing security and compliance initiatives, and partnering with technology, legal, and business teams to integrate security best practices across the organization.
The Cybersecurity GRC Specialist also supports the organization's Third-Party Risk Management (TPRM) program, ensuring that vendors, partners, and sponsors meet required security and risk standards before and during their engagement with the organization.
A successful candidate will have a strong background in IT risk management, cybersecurity, and information security governance, along with the ability to communicate effectively with both technical and non-technical stakeholders. Staying informed about emerging threats, evolving regulatory requirements, and industry best practices is essential to this role.
A Day in the Life of a Cybersecurity GRC Specialist at MetLife Legal Plans
Risk Management Leadership
Support the development and ongoing maturity of MLP's IT risk management framework
Conduct and oversee risk assessments to identify potential threats, vulnerabilities, and business impacts across systems and data environments
Security Policy Development
Contribute to the development, maintenance, and enforcement of IT security policies, standards, and procedures
Ensure policies align with regulatory requirements, internal governance standards, and industry best practices
Security Architecture and Design
Provide guidance on secure system and application design
Partner with IT teams to ensure security controls are incorporated into infrastructure, systems, and application development
Security Awareness and Training
Support the development and delivery of security awareness programs for employees
Promote a culture of security and risk awareness across the organization
Incident Response Support
Assist in the development and maintenance of incident response procedures
Participate in security incident investigations and response coordination as needed
Compliance Oversight
Help ensure IT systems and security practices comply with applicable laws, regulations, and industry standards
Support internal and external audits and assist with remediation efforts when needed
Third-Party Risk Management (TPRM)
Review vendor security documentation, certifications, and controls to ensure alignment with MLP security standards
Partner with procurement, legal, and technology teams to manage vendor risk throughout the vendor lifecycle
Support the continuous improvement of MLP's third-party risk management program
Security Technology Evaluation
Evaluate security technologies, tools, and solutions to strengthen the organization's security posture
Stay informed on emerging cybersecurity trends and recommend improvements where appropriate
Collaboration with IT Teams
Work closely with IT teams including infrastructure, application development, and network security
Provide guidance on security best practices and assist with implementing appropriate controls
Security Risk Communication
Communicate technology and security risks to leadership and key stakeholders
Translate technical security concepts into clear business impact and risk language
Security Questionnaire & Audit Management
Review and respond to security questionnaires from clients, sponsors, and partners
Evaluate vendor and partner security responses to assess risk exposure
Support internal and external audit activities, including documentation preparation and evidence collection
Partner with internal teams to address audit findings and strengthen controls
Contract and Security Requirement Review
Support contract reviews to ensure appropriate security and risk management provisions are included
Collaborate with legal, procurement, and technology teams to align vendor agreements with security standards
Continuous Improvement
Contribute to the ongoing improvement of MLP's risk, security, and governance programs
Identify opportunities to enhance processes, controls, and risk visibility across the organization
Position Requirements
5+ years of experience in IT Governance, Risk, Compliance (GRC), cybersecurity, or information security
Bachelor's degree in Computer Science, Information Security, or related field preferred
Security certifications such as CISSP, CISA, CRISC, or similar highly preferred
Experience with Third-Party Risk Management (TPRM) programs
Prior experience with the ISO 27001:2022 Framework
Prior experience leading projects, initiatives, or mentoring team members preferred
Travel: Occasional travel may be required (10% or less)
Who We Are:
MetLife Legal Plans is the leading consumer legal service in the United States. Whether you are making a will after starting a family, negotiating the contract on your dream home, or just want the peace of mind of having our network of 18,000+ attorneys on your side, we make it easy and affordable to get quality legal help.
We are trusted by nearly 7 million families and more than 200 Fortune 500 companies who provide our service as an employee benefit.
It's an exciting time to join our team. We are growing quickly and have a bold vision for our future as we evolve our company to dream bigger, move faster, and use creativity and technology to build products people love.
MLP's Success Principles:
We change and innovate for sustained performance
We collaborate and empower each other to succeed
We deliver for our customers
Note: This job description in no way states or implies that these are the only duties to be performed by the associate in this position. Associates will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbent will possess the skills, aptitude and ability to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at-will" relationship.
- Dice Id: 90922487
- Position Id: 23946429