Position Overview:

This role will be responsible for managing and maturing our cybersecurity posture by leveraging threat intelligence tools, internal and external information to monitor the cybersecurity risks associated with third-party vendors and remediating security findings and incidents. This role is crucial to protecting our organization from potential threats introduced though our vendor ecosystem.

Key Responsibilities:

• Mature and manage the Continuous Monitoring and Incident Response program to evaluate the security posture of third-party vendors.

• Experience with monitoring tools (e.g., BlueVoyant, SecurityScorecard, KY3P, etc.) to detect, analyze, and respond to potential threats from vulnerabilities originating with Third Party vendors.

• Develop Metrics and dashboards to provide real-time insights into Third Party vendors security performance using tools like PowerBI, SharePoint and Excel.

• Utilize threat intelligence to proactively identify emerging threats related to Third Parties and continuously monitor for indicators of compromise (IOCs) and other signs of potential security incidents.

• Analyze security alerts and logs to identify and assess the impact of Third Party incidents.

• Develop, implement, and maintain risk mitigation strategies and plans.

• Partners with cross-functional teams to improve the quality of security incident response management throughout the organization.

• Act as a primary point of contact for Third Party related security incidents and coordinate with internal and external stakeholders during security incidents to ensure timely and effective response.

• Lead efforts to contain and mitigate the impact of incidents involving Third Parties.

• Conduct thorough post-incident reviews to determine the root cause and prevent recurrence.

• Document and share lessons learned and update incident response plans and procedures based on findings.

• Assess existing detection and response capabilities and provide recommendations for improvements.

• Report on incident details, impacts, and remediation efforts to senior management and stakeholders.

• Communicate security expectations and requirements to Third Party vendors clearly and effectively.

• Oversight of resources in Center of Excellence (CoE) supporting the program.

Qualifications:

Required:

• Minimum 3-5 years’ experience in Third Party Cyber Risk Management or related work.

• Strong knowledge of global security and privacy breach laws and regulatory reporting.

• Technical expertise in information security, including familiarity with penetration and intrusion techniques and attack vectors.

• Proficiency in security monitoring and assessment tools and platforms.

• Excellent analytical, problem-solving, and decision-making skills.

• Strong communication and interpersonal skills.

• Detail oriented with the ability to manage multiple tasks and prioritize effectively.

Preferred:

• Bachelor’s degree in cyber security, Information Technology, Computer Science, or a related field.

• Relevant information security certifications (e.g., CISSP, CISM, CEH, CRISC, CISA, OSCP, GPen) highly preferred.

• Experience implementing policies, procedures, and technology to detect and recover from a cybersecurity attack.

Equal Employment Opportunity/Disability/Veterans

If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.

MetLife maintains a drug-free workplace.