Sr. IT Risk Management Consultant
- Charlotte, NC, USA
- Permanent, Full time
- Brighthouse Financial, Inc.
- 22 Oct 18
Brighthouse Financial is a new company established by MetLife. We're on a mission to help people achieve financial security. Built on a foundation of industry knowledge and experience, we specialize in offering essential annuity and life insurance products designed to help customers protect what they've earned and ensure it lasts more predictably. In an industry that often has a reputation for complexity, confusion, and cost, Brighthouse Financial is different. Our approach includes simplicity, transparency, and more value so customers can face the future with confidence.
Brighthouse Financial is seeking passionate, high-performing team members to help us carry out our mission and be part of an exciting journey toward improving the financial futures of our millions of customers. Sound like you? Read on.
Role Value Proposition:
Reporting into the Chief Information Security Officer (CISO) of Brighthouse Financial, the Manager of IT Risk Management will support the development and implementation of the IT Risk Management program and framework to effectively manage risks across IT processes and systems that support business operations.
This role will also matrix report into the Head of Risk Governance and Operational Risk. The Manager will lead a lean, cross-functional internal team that is supported by service providers. The Manager will also be responsible for collaborating with Brighthouse Financial's cybersecurity, operational risk management, legal, compliance, third party risk management, and audit functions, as well as the GRC solution enablement team.
- The Manager will be responsible for developing and implementing the strategic plan for IT Risk Management using leading practices and methodologies to support and achieve long-range organizational goals. As part of implementing the program and framework, the Manager should:
- Serve as the primary IT Risk Management subject matter advisor for Brighthouse Financial
- Provide guidance and direction for the IT Risk Management program, including the development and implementation of IT risk methodologies, guidelines, procedures, processes, controls, reporting and leading practices
- Ensure that such practices fully align with Company-wide Operational Risk Management practices and methods
- Act as the IT risk management liaison between various groups dealing with IT risk matters
- Facilitate IT risk assessment/analysis and issues management for IT risks
- Act as governing body for IT risk monitoring of status on progress against the risk framework
- Assist with the design and coordination of IT risk reporting to Brighthouse key stakeholders and the linkages into full Company level risk reporting
- Participate actively in the Governance, Risk and Compliance (GRC) Working Group - helping set requirements for use of the common tool (OpenPages)
- Develop, implement and manage an IT Risk awareness program
- Train and develop IT Risk Management team members
Essential Business Experience and Technical Skills:
- Bachelor's degree in a relevant field (e.g., Information Systems, Business Administration, or related major).
- 6+ years of professional experience in IT Risk Management, or Risk Management broadly, particularly in the financial services industry.
- Strong communicator, creative, intelligent, self-disciplined and highly industrious.
- Enjoys working in a growth oriented, entrepreneurial, high-energy environment.
- Basic understanding of risk management practices, including the lifecycle of risk identification, mitigation, acceptance, remediation as well as inherent and residual risks.
- Proven experience in planning, organizing, and developing Risk Management solutions in multiple business verticals and horizontals.
- Prior experience with IBM's OpenPages Risk Management tool.
- Knowledge of laws, regulations, guidelines, and frameworks within the financial services industry that mandate information security and information risk management requirements such as NY-DFS, FFIEC, NIST, ISO27001, GLBA, OCC Heightened Standards, etc.
- Ability to effectively oversee concurrent activities and a team of direct reports including team management and development.
- Certification(s) preferred - Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC)
Number of Openings: