Job Information
MetLife Lead Security Analyst in Cary, North Carolina
Position Overview:
This role will be responsible for managing and maturing our cybersecurity posture by leveraging threat intelligence tools, internal and external information to monitor the cybersecurity risks associated with third-party vendors and remediating security findings and incidents. This role is crucial to protecting our organization from potential threats introduced though our vendor ecosystem.
Key Responsibilities:
Mature and manage the Continuous Monitoring and Incident Response program to evaluate the security posture of third-party vendors.
Experience with monitoring tools (e.g., BlueVoyant, SecurityScorecard, KY3P, etc.) to detect, analyze, and respond to potential threats from vulnerabilities originating with Third Party vendors.
Develop Metrics and dashboards to provide real-time insights into Third Party vendors security performance using tools like PowerBI, SharePoint and Excel.
Utilize threat intelligence to proactively identify emerging threats related to Third Parties and continuously monitor for indicators of compromise (IOCs) and other signs of potential security incidents.
Analyze security alerts and logs to identify and assess the impact of Third Party incidents.
Develop, implement, and maintain risk mitigation strategies and plans.
Partners with cross-functional teams to improve the quality of security incident response management throughout the organization.
Act as a primary point of contact for Third Party related security incidents and coordinate with internal and external stakeholders during security incidents to ensure timely and effective response.
Lead efforts to contain and mitigate the impact of incidents involving Third Parties.
Conduct thorough post-incident reviews to determine the root cause and prevent recurrence.
Document and share lessons learned and update incident response plans and procedures based on findings.
Assess existing detection and response capabilities and provide recommendations for improvements.
Report on incident details, impacts, and remediation efforts to senior management and stakeholders.
Communicate security expectations and requirements to Third Party vendors clearly and effectively.
Oversight of resources in Center of Excellence (CoE) supporting the program.
Qualifications:
Required:
Minimum 3-5 years’ experience in Third Party Cyber Risk Management or related work.
Strong knowledge of global security and privacy breach laws and regulatory reporting.
Technical expertise in information security, including familiarity with penetration and intrusion techniques and attack vectors.
Proficiency in security monitoring and assessment tools and platforms.
Excellent analytical, problem-solving, and decision-making skills.
Strong communication and interpersonal skills.
Detail oriented with the ability to manage multiple tasks and prioritize effectively.
Preferred:
Bachelor’s degree in cyber security, Information Technology, Computer Science, or a related field.
Relevant information security certifications (e.g., CISSP, CISM, CEH, CRISC, CISA, OSCP, GPen) highly preferred.
Experience implementing policies, procedures, and technology to detect and recover from a cybersecurity attack.
Equal Employment Opportunity/Disability/Veterans
If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.