Job Information
MetLife Senior IT Risk and Security Consultant in Cary, North Carolina
Role Value Proposition:
The Global Security Audit and Advisory team is part of the Global Security Governance, Risk, Compliance, and Awareness department within the Global Technology Organization. The team performs an important role in partnering with the business units, global technology, operations, and audit to ensure that management anticipates, recognizes, and appropriately manages risks. Specifically, the GS Risk, Controls, and Compliance is responsible for overseeing the external audit engagements to include various SSAE18 reports, SOX compliance, PCI, and HIPPA, and ensuring MetLife has processes and controls in place to meet our growing legal, regulatory, and security requirements.
Success in this role requires the ability to manage projects, to problem solve and collaborate with stakeholders internal and external to the team, and to collaborate and communicate effectively with different levels of management. The Senior IT Risk and Security Consultant is responsible for managing the audit activities - planning and coordinating audit walkthroughs, facilitating the collection of audit evidence, supporting the audit testing, and partnering with process and control owners to remediate exceptions and enhance controls. You'll collaborate closely with the external and internal auditors, technology and application owners, and Global Security leaders in an environment where every contribution is respected, and every perspective is heard.
This is an exciting opportunity to partner with leaders across global security and technology to enhance MetLife's control environment. By coordinating the audit activities, you help ensure MetLife meets its control obligations for its customers. The role provides visibility and collaboration with leadership globally and in support of many different technologies and functional areas.
Key Responsibilities:
Responsible for coordinating the activities of the external audits, SOX and SSAE18 SOC1 and SOC2 working closely with external auditors, control owners, and client-facing team.
Work with the auditors and process and control owners as the point person in key audit-related activities such as communication of the controls and audit objectives, coordinate audit walkthroughs, track and fulfill evidence requests to support compliance audits such as Sarbanes Oxley, SSAE 18 SOC 1 and SOC 2, and ISO 27001.
Partner with process and control owners to ensure MetLife technology controls are in place and accurately reflected in the audit results. This position will also be involved in the documentation of control procedures, process narratives, and monitoring of audit corrective action plans.
Partner with technology teams to ensure controls are designed effectively and documented sufficiently.
Develop remediation plans and control enhancements for audit exceptions and issues.
Manage internal team reporting and metrics to provide visibility to the audit progress and outcomes.
Build relationships with process and control owners and technology leadership to improve audit results.
Essential Business Experience and Technical Skills:
Required:
Bachelor's degree from an accredited college or university with major coursework in accounting, finance, IT, business administration or a closely related field.
5 years of experience in IT risk and compliance (preferred), internal audit, or IT risk advisory with a strong understanding of audit processes and engagements.
Strong understanding of Information Technology, controls, and IT Security.
Working knowledge of Sarbanes-Oxley, SSAE18 SOC 1 and SOC2 requirements.
Basic knowledge of technology and information systems - server and database technology such as Windows, Linux, Oracle, SQL, and other technology platforms.
Organizational skills: time management, prioritization, and delegation.
Preferred:
Experience managing medium or high-complexity projects.
Power BI, SharePoint, data analytics, and reporting experience.
Collaborative and team-oriented.
Industry certifications - security (CISSP, CISM), technology certification (ITIL), or audit (CISA, CIA, CPA).
Experience consulting or auditing technology operations, Information Security, Identity, and Access controls.
At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.
Equal Employment Opportunity/Disability/Veterans
If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.