IT Governance Manager
Brighthouse Financial is on a mission to help people achieve financial security. As one of the largest providers of annuities and life insurance in the U.S., we specialize in products designed to help people protect what they've earned and ensure it lasts. We are built on a foundation of experience and knowledge, which allows us to keep our promises and provide the value they deserve.
At Brighthouse Financial, we're fostering a culture where diverse backgrounds and experiences are celebrated, and different ideas are heard and respected. We believe that by creating an inclusive workplace, we're better able to attract and retain our talent, provide valuable solutions that meet the needs of our advisors and their clients, and deliver on our mission of helping more people achieve financial security. We're seeking passionate, high-performing team members to join us. Sound like you? Read on.
How This Role Contributes to Brighthouse Financial:
We are seeking an IT Governance Manager who can be a key leader in our second line of defense as we continue to build out our IT security functions here at Brighthouse. The three lines of defense are meant to work in the following way:
- First Line of Defense - The business line "owns" its risk, insofar as it acknowledges and manages the risk it incurs in pursuing its activities. This entails evaluating and monitoring controls for User Provisioning, Segregation of Duties, and Security Administration.
- The Second Line of Defense - This governance and risk management function is responsible for further identifying, assessing, monitoring, and reporting risk on an enterprise-wide basis independent of the first line of defense. The IT governance function is considered part of the second line of defense.
- The Third Line of Defense - The internal audit function conducts risk-based and general audits and reviews to reassure the board that the overall governance framework, including the risk governance framework, is effective and that policies and processes are in place and consistently applied.
We are searching for an Associate to align with our Second Line of Defense responsibilities.
Key Responsibilities:
Essential Business Experience and Technical Skills:
- Produce reports for KRIs and KPIs for measuring and monitoring cyber risks on a continuous basis.
- Provide and perform independent assurance and validation activities over common cybersecurity controls, both administrative and technical.
- Become aware of the critical and highly sensitive processes & controls, and business continuity.
- Support selected cyber security remediation efforts; be involved in strategic planning with 1LOD.
- Assess the accuracy, completeness, and sufficiency of the risk management governance framework, processes and methodologies. Identify and define emerging cyber threats and risks to the environment.
- Proficient in common cybersecurity domains: data protection, access control, encryption, identity management, security operations, application security, penetration tests, end-point security, vulnerability management, threat intelligence, risk assessment.
- Solid foundation in information technology and information security principles. Familiar with common cybersecurity frameworks and standards such as PCI DSS, ISO 27000 series, CIS Security Controls, NYDFS, and/or NIST Framework for Improving CIS.
- Previous working experience in cybersecurity operations and relevant security design knowledge.
- Bachelor's and/or Master's degree in Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or relevant technical field.
- CISSP, CISM, or CISA certifications a strong plus.
- Requires broad understanding of technical security concepts and familiarity with related technologies, as well as a solid conceptual knowledge of enterprise IT system operations.
- Probes for additional information, clarifies assumptions and confirms agreed-upon actions.
- Keeps everyone involved informed about progress and issues.
- Takes responsibility for achieving strong results, despite balancing multiple complex demands.
- Knows who to reach out to inside and outside of one's team to get work done.
- Assists in the collection and initial analysis of data, preparation of business owner control surveys.
- Develops training on policies and procedures concerning controls and risk management.
- Reports audit results and determines corrective action plans, as necessary.
- Proficient in Excel, Word, PowerPoint, Outlook, SharePoint.
- Communicates in a timely and straightforward manner.
Less than 5%