Third Party Risk Analyst

  • Competitive
  • Charlotte, NC, USA
  • Permanent, Full time
  • Brighthouse Financial, Inc.
  • 2018-07-17

Brighthouse Financial is a new company established by MetLife. We're on a mission to help people achieve financial security. Built on a foundation of industry knowledge and experience, we specialize in offering essential annuity and life insurance products designed to help customers protect what they've earned and ensure it lasts more predictably. In an industry that often has a reputation for complexity, confusion, and cost, Brighthouse Financial is different. Our approach includes simplicity, transparency, and more value so customers can face the future with confidence.

Brighthouse Financial is seeking passionate, high-performing team members to help us carry out our mission and be part of an exciting journey toward improving the financial futures of our millions of customers. Sound like you? Read on.

Role Value Proposition:
We are looking for a Third Party Risk Analyst to join our growing information security team. In this role the selected candidate will operate independently and as part of a team to provide Third Party Risk assessments and support. This position is both a governance and hands-on role in support of ensuring that supported vendors provide the necessary security and support controls to protect Brighthouse data. The candidate should have a strong information security skillset and a deep understanding of third party assessment and risk-related methodologies. This position will report directly to the Assistant Vice President of Security Operations and Incident Response.
The Third Party Risk Analyst will have accountability for day-to-day management of security control assessments, risk finding and mitigation operations in support of the cloud-enabled distributed environments. This role will be responsible for managing and leading efforts to assess the company's control posture in relation to Business Process Outsourcing (BPO) and security control expectations.

Key Responsibilities:

  • Coordinate with key stakeholders to initiate, scope and plan risk assessments of new and existing vendor engagements.
  • Establish and maintain partnerships with internal and external stakeholders, including all levels of technical and business management, to ensure effective collaboration on vendor-related topics.
  • Analyze vendor risk assessment responses to validate existence of information security controls and identify non-compliance with financial industry frameworks and standards.
  • Generate workpapers of assessments and perform detailed analysis of identified issues.
  • Maintain central repository of vendor risk assessment artifacts and supporting documentation.
  • Communicate identified risks to key stakeholders and establish remediation action plans, and track and monitor identified vendor risks to closure.
  • Escalate high risk issues to senior management following established vendor risk management processes.
  • Maintain working knowledge of emerging IT risks and regulatory/compliance related information to contribute to the continuous improvement of the vendor risk management program.

Essential Business Experience and Technical Skills:

  • Understanding of all Information Security domains including but not limited to third party risk management, access control, network security, cryptography, physical security, incident management, etc.
  • Ability to research and comply with regulatory policies related to third parties.
  • IT audit background and experience with a variety of technologies.
  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with various levels of staff and management.
  • Ability to work independently on projects with little oversight or as part of a team.
  • Strong attention to detail, strong analytical skills, problem solving and reasoning abilities.
  • Detail oriented with the ability to multitask and quickly adapt to changing assignments.
  • Working knowledge of regulatory compliance requirements including Sarbanes Oxley, the Gramm-Leach-Bliley Act, and HIPAA
  • Bachelor's degree or higher in Information Systems, and/or related field and at least two years of experience in Cyber/Information Security
  • Experience with commercial and open source security testing tools and technologies
  • Experience working with internal and external auditors.
  • Bachelor's degree or higher in Information Systems, or related field and at least four (4) years' experience in Cyber/Information Security, IT, Third Party Risk, Auditing or the equivalent.
  • Working knowledge of Microsoft Office, SharePoint and GRC solutions.
  • CISA, CISM, CGEIT, CRISC, CISSP or related certifications a plus.

Up to 25%