Specialist - Technology Services

Date Posted: May 12, 2022

Location(s): Noida, IN, 0

Company: MetLife

Position Summary

 

 

 

Perform end-to-end IT third-party risk assessments of MetLife’s vendors and other third-party organizations to ensure adherence to security and compliance requirements. This includes vendor due diligence, risk identification and analysis, Archer management, review of vendor questionnaires, control mapping, third-party audit report review, findings and exceptions management, risk mitigation, periodic reviews, and various contract negotiations.

 

Job Responsibilities

 

 

  1. Conduct end-to-end IT third-party vendor risk assessments, including but not limited to: determining the scope of the service provided by interacting with MetLife Senior Management and business points of contact; administering risk assessments directly to vendors using our online GRC tool; examining responses to determine the extent of risk the relationship represents to MetLife; performing gap assessments on the vendor’s control environment; reviewing the vendor’s third-party audit reports; offering recommendations to the vendor and MetLife’s management on the risk incurred and on how to respond to any risks; and generating risk findings.
  2. Assess and respond to risk findings, including pursuing action plans to completion and negotiating due dates with vendors.
  3. Provide guidance to the business, Strategic Sourcing and other stakeholders to ensure requirements of VRM are fully understood.
  4. Perform security assessments of systems, applications, data centers, infrastructures and service providers using an established framework and tools to evaluate vulnerabilities. Research new and developing technologies and standards to help contribute to the continuous improvement of the risk assessment process.
  5. Act as a subject matter expert in understanding why certain risks are a threat to the company and how compensating or mitigating processes affect that risk.
  6. Prepare weekly and monthly reports and dashboards to be submitted to higher management and stakeholders.
  7. Provide guidance on IT security requirements during contract negotiation discussions.
  8. Continually reassess the operational risks associated with the function and inherent in the business.
  9. Support vendor selection and contracting on major sourcing efforts, and reassess the risks associated with a vendor relationship prior to the renewal of contract agreements.
  10. Identify and communicate departmental vendor risk issues and compliance problems that have not been adequately addressed; offer reasonable solutions, and assist departments with efforts to come into compliance.

 

 

 

 

Knowledge, Skills and Abilities

 

 

Education

  • Master’s/Bachelor’s degree in Engineering/IT/Information Security or Computer Science from a recognized Indian University

 

Experience

  • Experience in IT third-party risk management, IT risk and security, and IT audit.

 

 

Knowledge and skills (general and technical)

  • Knowledge of information security standards (SSAE16, PCI ROC/AOC, ISO 27001:2013), laws (e.g., NIST, FFIEC, etc.), and regulatory requirements (e.g., GDPR, DPL, HIPAA), and of commonly used concepts, practices and procedures within information security, application security, data center security, and privacy.
  • Proven solid analytical and problem-solving skills. Advanced computer skills, including Microsoft Office suite and other business-related software systems.
  • Skills in influencing business units to assess and monitor vendor risk and follow vendor risk management policy.
  • Ability to manage various complex projects and processes to completion. Sound understanding of vendor assessment concepts, with the ability to manage existing work and add value to it.
  • Excellent writing and communication skills; able to translate technical concepts into layperson’s terms and interface with upper-level management including Legal Counsel and Corporate Compliance.
  • Excellent ability to work effectively with peers, business units, IT management and staff, and internal/external business partners/clients/vendors.
  • Able to deal with ambiguity: integrate, prioritize and roll out programs without clearly defined guidelines.
  • Strong organizational ethics to manage a large volume of competing tasks effectively.
  • Direct experience in developing, implementing, and improving technology controls in a corporate environment.
  • Experience of working in a fast-paced organization that is focused on accountability (must deliver results).
  • Experience working with all levels of an organization and comfortable presenting to, interacting with, and taking direction from Senior Management.
  • Team leadership and mentoring skills to lead a team of information security professionals and mitigate their IT risk issues.

 

 

Other Requirements (licenses, certifications, specialized training – if required)

  • ISO 27001:2013 (preferred)
  • CISA, CRISC, CISSP (preferred)

 

 

 

       

 

MetLife:

 

MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.

 

We are ranked #44 on the Fortune 500 list for 2019. In 2019, we were named to the Dow Jones Sustainability Index (DJSI) for the fourth year in a row. DJSI is a global index to track the leading sustainability-driven companies.      

 

MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.

 

MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.