Director Cybersecurity Compliance
- Charlotte, NC, USA
- Permanent, Full time
- Brighthouse Financial, Inc.
- 24 Feb 2018
Brighthouse Financial is a new company established by MetLife. We're on a mission to help people achieve financial security. Built on a foundation of industry knowledge and experience, we specialize in offering essential annuity and life insurance products designed to help customers protect what they've earned and ensure it lasts more predictably. In an industry that often has a reputation for complexity, confusion, and cost, Brighthouse Financial is different. Our approach includes simplicity, transparency, and more value so customers can face the future with confidence.
Brighthouse Financial is seeking passionate, high-performing team members to help us carry out our mission and be part of an exciting journey toward improving the financial futures of our millions of customers. Sound like you? Read on.
Role Value Proposition:
Reporting to the AVP of IT Governance, Risk and Compliance, the Director will be responsible for establishing and implementing a Cybersecurity compliance program that maximizes efficiency to meet cross-regulatory compliance requirements. The Director should be proficient in cybersecurity / data protection regulatory requirements that include, but are not limited to, NY DFS, HIPAA, GLBA and PCI DSS.
The Director will support peers with advice regarding the compliance impact of their operations and how to comply efficiently, and will provide insight to executive management regarding emerging IT compliance needs and regulatory changes affecting Brighthouse. The Director will also be responsible for monitoring compliance against requirements, reporting issues and working to identify remediation options / solutions. The Director will oversee the IT compliance program, and will provide advice regarding construction and updates to policies and procedures at the department and Company level to strengthen the Company's compliance posture. Finally, the Director will be responsible for leading the organization to develop an ingrained culture of compliance that puts customers' trust first.
The Director will be responsible for developing a program to comply with the cross-jurisdictional regulatory requirements related to cybersecurity / data protection. In order to accomplish the goal, the Director should:
- Develop a strong and efficient Cybersecurity compliance program rooted in leading practices across the insurance / financial services industry
- Serve as the primary IT regulatory compliance subject matter expert for Brighthouse
- Interface with executive management regarding the compliance implications of decisions facing the organization
- Seek advice when necessary from Brighthouse Legal or outside counsel in assessing the impact of newly passed or updated regulations
- Review compliance program effectiveness through the use of internal reviews and leveraging the activities of Internal Audit
- Develop and maintain policies and procedures to support compliance with all regulatory requirements facing the Company's IT operations
- Partner with IT to implement strong practices and foster a culture of compliance
Essential Business Experience and Technical Skills:
- 10+ years of security and compliance experience
- 5 years of team management experience
- Strong understanding of IT and Cybersecurity compliance regulations, including, but not limited to, NY DFS, HIPAA, GLBA and PCI DSS
- Strong communicator, creative, intelligent, self-disciplined and highly industrious
- Enjoys working in a growth-oriented, entrepreneurial, high-energy environment
- Four-year bachelor's degree or advanced degree in Information Security or a related field
- Certification(s) preferred: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Privacy Professional (CIPP)