Senior IT Risk and Security Advisor

Description and Requirements
The Team You Will Join
The Global Security Risk, Controls & Compliance team is part of the Global Security Governance, Risk, Compliance and Awareness department within the Global Technology Organization. The team performs an important role in partnering with the business units, global technology, operations, and audit to ensure that management anticipates, recognizes, and appropriately manages risks. Specifically, the Global Security Audit Advisory team is responsible for overseeing the external audit engagements to include various SSAE18 reports, SOX compliance, PCI and HIPPA. The team ensures MetLife has processes and controls in place to meet our growing legal, regulatory, and security requirements.
The Opportunity
The Senior IT Risk and Security Advisor is responsible for coordinating the activities of the external audits, SOX and SSAE18 SOC1 and SOC2, working closely with external auditors, control owners and client-facing team. The candidate will work with the auditors, management, and control owners as the point person in key audit related activities such as communication of the controls and audit objectives, coordinate audit walkthroughs, track and fulfill evidence requests to support compliance audits such as Sarbanes Oxley, SSAE 18 SOC 1 and SOC 2, and ISO 27001. The Senior will partner with technology leadership and control owners to ensure MetLife technology controls are in place and accurately reflected in the audit results. This position will also be involved in the documentation of control procedures, process narratives, and monitoring of audit corrective action plans. This is an exciting opportunity to partner with leaders across global security and technology to enhance MetLife's control environment. By coordinating the audit activities, you help ensure MetLife meets its control obligations for its customers. The role provides visibility and collaboration with leadership globally and in support of many different technologies and functional areas.
Success in this role requires the ability to manage projects, to problem solve and collaborate with stakeholders internal and external to the team, and to collaborate and communicate effectively with different levels of management. The Senior IT Risk and Security Consultant is responsible for managing the audit activities - planning and coordinating audit walkthroughs, facilitating the collection of audit evidence, supporting the audit testing, and partnering with process and control owners to remediate exceptions and enhance controls. You'll collaborate closely with the external and internal auditors, technology and application owners, and Global Security leaders in an environment where every contribution is respected, and every perspective is heard.
How You'll Help Us Build a Confident Future (Key Responsibilities)

• Coordinate the audit activities to ensure we meet the audit timelines.
• Partner with technology teams to ensure controls are designed effectively and documented sufficiently.
• Develop remediation plans and control enhancements for audit exceptions and issues.
• Manage internal team reporting and metrics to provide visibility to the audit progress and outcomes.
• Build relationships with process and control owners and technology leadership to improve audit results.

Required Skills

• 5 years of experience in IT risk and compliance, internal audit or IT risk advisory with a strong understanding of audit processes and engagements.
• Strong understanding of Information Technology, controls, and IT Security.
• Working knowledge of Sarbanes-Oxley, SSAE18, SOC 1 and/or SOC2 requirements.
• Basic knowledge of technology and information systems - server and database technology such as windows, Linux, Oracle, SQL, and/or other technology platforms.
• Organizational skills: time management, prioritization, and delegation.

Preferred Skills

• Experience managing medium or high complexity projects.
• Bachelor's degree from an accredited college or university with major course work in accounting, cyber security, IT, business administration or a closely related field.
• Power BI, Sharepoint, data analytics and reporting experience.
• Collaborative and team-oriented.
• Industry certifications - security (CISSP, CISM), technology certification (ITIL), or audit (CISA, CIA, CPA).
• Experience in consulting or auditing technology operations, Information Security, Identity and Access controls.

Benefits We Offer
Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, volunteer time off, tuition assistance and much more!
About MetLife
Recognized on Fortune magazine's list of the 2024 "World's Most Admired Companies", Fortune World's 25 Best Workplaces™ for 2024, as well as the 2025 Fortune 100 Best Companies to Work For ®, MetLife , through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.
Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by empathy, we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible . Join us!
MetLife is an Equal Opportunity Employer. All employment decisions are made without regards to race, color, national origin, religion, creed, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, marital or domestic/civil partnership status, genetic information, citizenship status (although applicants and employees must be legally authorized to work in the United States), uniformed service member or veteran status, or any other characteristic protected by applicable federal, state, or local law ("protected characteristics").
If you need an accommodation due to a disability, please email us at [email protected]. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.
#BI-Hybrid