Brighthouse Financial is on a mission to help people achieve financial security. As one of the largest providers of annuities and life insurance in the U.S., we specialize in products designed to help people protect what they've earned and ensure it lasts. We are built on a foundation of experience and knowledge, which allows us to keep our promises and provide the value they deserve.
At Brighthouse Financial, we're fostering a culture where diverse backgrounds and experiences are celebrated, and different ideas are heard and respected. We believe that by creating an inclusive workplace, we're better able to attract and retain our talent, provide valuable solutions that meet the needs of our advisors and their clients, and deliver on our mission of helping more people achieve financial security. We're seeking passionate, high-performing team members to join us. Sound like you? Read on.
How This Role Contributes to Brighthouse Financial:
The IT Risk Director will support the development, implementation and enhancements of the IT Risk Management program and framework to effectively manage risks across IT processes and systems that support business operations.
The Director will regularly assess and report on risks across the Technology function. These assessments will cover cybersecurity, delivery management, technology operations, and data management. The Director will leverage industry standard frameworks as the basis for the assessments, and is responsible for remaining current on industry trends and new risks that are relevant to risk assessment at Brighthouse. The Director will also be responsible for collaborating with several Brighthouse Financial risk functions including cybersecurity, operational risk management, architecture, legal, compliance, third party risk management, audit functions as well as the GRC solution enablement team.
The Director will initially report to the Chief Technology Officer (CTO). As Brighthouse is also recruiting a new Chief Information Security Officer (CISO), a change in reporting relationships is possible once the new CISO is in place. Regardless of the reporting relationships, the Director will have the remit to independently assess risks across the Technology organization and regularly update the CTO and Chief Risk Officer (CRO) on the findings. The Director will also participate in risk subcommittees related to IT risk as part of the overall Operational Risk Committee. These will include the CISO, CTO, CRO, and Chief Compliance Officer (CCO).
The Director will be responsible for developing and implementing the strategic plan for IT Risk Management using leading practices and methodologies to support and achieve long-range organizational goals. As part of implementing and enhancing the program and framework, the Director should:
- Serve as the primary IT Risk Management subject matter advisor for Brighthouse Financial
- Perform regular (quarterly to semi-annual) IT Risk Assessments while partnering with multiple risk functions, in line with regulatory requirements (i.e. NY-DFS), to assess risk across all IT domains.
- Report on the results of risk assessments to the CTO and CRO and serve on the risk subcommittees with the CTO, CRO, and CCO.
- Provide perspectives on IT risks to internal and external audit teams, including progress against top risks related to technology.
- Identify specific IT Risk observations and collaborate with the risk management organization to remediate high-risk issues and document results and findings in OpenPages.
- Provide guidance and direction for the IT Risk Management program, including the development and implementation of IT risk methodologies, guidelines, procedures, processes, controls, reporting and leading practices
- Ensure that such practices fully align with Company-wide Operational Risk Management practices and methods
- Develop the methodology and lead the effort to create Application Profiles for Brighthouse's inventory of applications, leveraging existing risk attributes and processes, and enable them within OpenPages
- Act as the IT risk management liaison between various business groups and risk functions dealing with IT risk matters
- Facilitate IT risk assessment/analysis and issues management for IT risks leveraging OpenPages.
- Act as the governing body for IT risk monitoring of status on progress against the risk framework
- Assist with the design and coordination of IT risk reporting to Brighthouse key stakeholders and the linkages into full Company-level risk reporting
- Participate actively in the Governance, Risk and Compliance (GRC) Design Group and GRC Working Group, helping set requirements and drive consistent usage of the central GRC tool (OpenPages)
- Develop, implement and manage an IT Risk awareness program
- Train and develop IT Risk Management team members
Essential Business Experience and Technical Skills:
- Bachelor's degree in a relevant field (e.g., Information Systems, Business Administration, or related major).
- 7+ years of professional experience in IT Risk Management and/or IT Audit, or Risk Management broadly, particularly in the financial services industry.
- Ability to communicate and navigate across cross-functional teams
- Demonstrated experience in collaborating across other areas with input into the control environment (e.g., risk, audit, compliance)
- Thorough understanding of risk management practices, including the lifecycle of risk identification, assessment, mitigation, acceptance, remediation as well as inherent and residual risks.
- Proven experience in planning, organizing, and developing Risk Management solutions in multiple business verticals and horizontals.
- Prior experience with IBM's OpenPages Risk Management tool (or similar GRC tools) is preferred.
- Knowledge of laws, regulations, guidelines, and frameworks within the financial services industry that mandate information security and information risk management requirements such as NY-DFS, FFIEC, NIST, COBIT, ISO27001, GLBA, OCC Heightened Standards, etc.
- Ability to effectively oversee concurrent activities and a team of direct reports including team management and development.
- Enjoys working in a growth-oriented, entrepreneurial, high-energy environment.
- Certification(s) preferred - Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC)
Less than 5%