MetLife Legal Plans

MetLife Legal Plans is the country's largest provider of legal voluntary benefits. We have more than 40 years of experience in employee legal services and are committed to providing excellent care to our plan members, sponsors, and 18,000+ attorneys. We are trusted by nearly 7 million families and more than 200 Fortune 500 companies that offer our service as an employee benefit. We are growing quickly, with a bold vision for our future as we evolve our company to dream bigger, move faster, and use creativity and technology to build products people love.

Cybersecurity GRC Specialist

Security Analyst, Full Time, Remote

Location

United States

Posted

6 days ago

Salary

Not specified

GRC, ISO 27001, Risk Assessment, Policy Development, Third Party Risk Management, Incident Response, Audit Support, Security Awareness, Regulatory Compliance, Vulnerability Assessment

Job Description

This description is a summary of our understanding of the job description.

Role Description

The Cybersecurity GRC Specialist is responsible for managing and strengthening MetLife Legal Plans' Technology Governance, Risk, and Compliance (GRC) program. This role helps ensure the organization effectively identifies, assesses, and mitigates technology and cybersecurity risks while maintaining compliance with regulatory requirements, industry standards, and internal policies.

This individual plays a key role in protecting MetLife Legal Plans’ information assets by developing and maintaining risk management frameworks, overseeing security and compliance initiatives, and partnering with technology, legal, and business teams to integrate security best practices across the organization.

The Cybersecurity GRC Specialist also supports the organization’s Third-Party Risk Management (TPRM) program, ensuring that vendors, partners, and sponsors meet required security and risk standards before and during their engagement with the organization.

A successful candidate will have a strong background in IT risk management, cybersecurity, and information security governance, along with the ability to communicate effectively with both technical and non-technical stakeholders. Staying informed about emerging threats, evolving regulatory requirements, and industry best practices is essential to this role.

Qualifications

  • 5+ years of experience in IT Governance, Risk, Compliance (GRC), cybersecurity, or information security
  • Bachelor’s degree in Computer Science, Information Security, or related field preferred
  • Security certifications such as CISSP, CISA, CRISC, or similar highly preferred
  • Experience with Third-Party Risk Management (TPRM) programs
  • Prior experience with the ISO 27001:2022 Framework
  • Prior experience leading projects, initiatives, or mentoring team members preferred

Requirements

  • Support the development and ongoing maturity of MLP’s IT risk management framework
  • Conduct and oversee risk assessments to identify potential threats, vulnerabilities, and business impacts across systems and data environments
  • Contribute to the development, maintenance, and enforcement of IT security policies, standards, and procedures
  • Ensure policies align with regulatory requirements, internal governance standards, and industry best practices
  • Provide guidance on secure system and application design
  • Partner with IT teams to ensure security controls are incorporated into infrastructure, systems, and application development
  • Support the development and delivery of security awareness programs for employees
  • Promote a culture of security and risk awareness across the organization
  • Assist in the development and maintenance of incident response procedures
  • Participate in security incident investigations and response coordination as needed
  • Help ensure IT systems and security practices comply with applicable laws, regulations, and industry standards
  • Support internal and external audits and assist with remediation efforts when needed
  • Review vendor security documentation, certifications, and controls to ensure alignment with MLP security standards
  • Partner with procurement, legal, and technology teams to manage vendor risk throughout the vendor lifecycle
  • Support the continuous improvement of MLP’s third-party risk management program
  • Evaluate security technologies, tools, and solutions to strengthen the organization’s security posture
  • Stay informed on emerging cybersecurity trends and recommend improvements where appropriate
  • Work closely with IT teams including infrastructure, application development, and network security
  • Provide guidance on security best practices and assist with implementing appropriate controls
  • Communicate technology and security risks to leadership and key stakeholders
  • Translate technical security concepts into clear business impact and risk language
  • Review and respond to security questionnaires from clients, sponsors, and partners
  • Evaluate vendor and partner security responses to assess risk exposure
  • Support internal and external audit activities, including documentation preparation and evidence collection
  • Partner with internal teams to address audit findings and strengthen controls
  • Support contract reviews to ensure appropriate security and risk management provisions are included
  • Collaborate with legal, procurement, and technology teams to align vendor agreements with security standards
  • Contribute to the ongoing improvement of MLP’s risk, security, and governance programs
  • Identify opportunities to enhance processes, controls, and risk visibility across the organization

Benefits

  • Occasional travel may be required (10% or less)
