Senior Manager - Governance & Risk

Date Posted: May 6, 2022

Location(s): Noida, IN, 0

Company: MetLife

Position Summary


MetLife is committed to having a strong Risk & Compliance culture, including key verticals such as Data Privacy, Information Security, Risk Management, Business Continuity, and Compliance. A robust Risk framework governs our organizational goals and stakeholder requirements.
The candidate shall be part of the central Risk and Governance team.

Job Responsibilities


1. The candidate will be part of MetLife Global Operations Support Center’s Risk team and will be responsible for key contributions to all Risk Verticals (Privacy lifecycle, BCM and Risk Management).
2. The role requires close collaboration with internal and external stakeholders, including management reporting to ensure compliance with policies and guidelines.
3. Preferred expertise in and knowledge of the majority of the following information control areas:
o Physical and Environmental Security
o Information Security Management
o Information classification and handling
o Encryption
o Third Party Security Management
o Incident & Crisis Management
o Audit and Compliance
o Change and Vulnerability Management
o Network Security Configuration and Management
o Systems Monitoring & Logging, Security Configuration and Management
o Access Control
o Business Impact Analysis
o Knowledge of Business Continuity Planning Lifecycle of ISO 22301:2019
o Understanding of Risk methodology (Identification, assessment, and monitoring)
o Vendor assessments
4. Manage reporting to show the organizational Health report to the management regularly
5. May produce other reporting to show data privacy and risk across risk domains or within all business lines.
6. Create processes to ensure the timely and accurate completion of information security risk assessments (Privacy Impact Assessment) along with continual improvement of operational effectiveness.
7. Produced work is highly visible as planned vs. targeted & reported to senior management
8. Responsible for managing the development, implementation, and monitoring of a risk-based program for organization wide risks to identify, assess and mitigate operational risk that arises from inadequate or failed internal processes, people, systems, or external events.
9. Maintains a balance between risk mitigation and operational efficiency.
10. Shall be responsible for developing and implementing data privacy policies, procedures, and controls for the respective business and/or functional area.
11. Provides expertise of data privacy & information security to business projects and initiatives and participates in the development of risk/ impact rating systems.
12. Works with business line and/or functional management to resolve issues and address deficiencies to mitigate data privacy risk.
13. Perform security assessments of systems, data centers, infrastructures and service providers using an established framework and tools to evaluate vulnerabilities. Research new and developing technologies and standards to help contribute to the continuous improvement of the risk assessment process
14. Act as a subject matter expert in understanding why certain risks are a threat to the organization and how compensating or mitigating processes affect that risk
15. Prepare a recurring database of key Data privacy vulnerabilities & corresponding controls as part of the organizational sanitization mechanism
16. Provide guidance on IT Security Requirements
17. Detailed knowledge and understanding of the industry-recognized Data Privacy and Information Security certifications, including Legal & Regulatory requirements
18. Should be well versed in, and preferably have hands-on experience of, the latest Business Continuity Management practices




Master’s/Bachelor’s degree




12+ years of experience in Risk Verticals: Data Privacy, compliance, operational risk, IT systems and information security, and Business Continuity, of which at least 7-8 years must include direct experience in Data Privacy & Information security along with sound knowledge of risk management, Business Continuity and Compliance.


Knowledge and skills (general and technical)


• Knowledge of information security standards (SSAE16, PCI ROC/AOC, ISO 27001:2013), laws (e.g., NIST, FFIEC, etc.), and regulatory requirements (e.g., GDPR, DPL, HIPAA) and commonly used concepts, practices and procedures within information security, application security, data center security, and privacy.
• Proven solid analytical and problem-solving skills. Advanced computer skills including Microsoft Office suite and other business-related software systems.
• Ability to manage various complex projects and processes to completion. Sound grasp of Vendor Assessment concepts, with the ability to manage existing work and add value to it.
• Excellent writing and communication skills; able to translate technical concepts into layperson’s terms and interface with upper-level management including Legal Counsel and Corporate Compliance.
• Excellent ability to work effectively with peers, business units, IT management and staff, and internal/external business partners/clients/vendors.
• Able to deal with ambiguity: integrate, prioritize and roll out programs without clearly defined guidelines.
• Strong organizational ethics to manage a large volume of competing tasks effectively.
• Direct experience in developing, implementing, and improving technology controls in a corporate environment.
• Experience of working in a fast-paced organization that is focused on accountability (must deliver results).
• Experience working with all levels of an organization and be comfortable in presenting, interacting with, and taking direction from Senior Management
• Team leading experience preferable


Other Preferred Requirements


• ISO 27001:2013
• ISO 22301:2019
• COSO & ISO 31000 framework



MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.


We are ranked #44 on the Fortune 500 list for 2019. In 2019, we were named to the Dow Jones Sustainability Index (DJSI) for the fourth year in a row. DJSI is a global index to track the leading sustainability-driven companies.      


MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.


MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.