Analyst, IT Third Party Risk Management

  • Company: MetLife
  • Location: Cary, North Carolina
  • Posted: February 16, 2017
  • Reference ID: 37581-en_US

Job Location: United States : North Carolina : Cary  




The IT TPRM Analyst role will be primarily responsible for the coordination of activities associated with the Global IT Third Party Risk Management Program within MetLife’s IT Risk and Security Organization.



  • Conduct vendor risk assessments over third party vendors, including but not limited to: determining the scope of the service provided by interacting with MetLife Senior Management; administering risk assessments directly to vendors using our online tool; examining responses to determine the extent of risk the relationship represents to MetLife; offering recommendations to MetLife Management on how to respond to any risks; and generating formal findings.
  • Assess and respond to risk findings, including pursuing action plans to completion and negotiating due dates with vendors.
  • Perform security assessments of systems, applications, data centers, and service providers using an established framework and tools to evaluate vulnerabilities. Research new and developing technologies and standards to help contribute to the continuous improvement of the risk assessment process.
  • Act as a subject matter expert in understanding why certain risks are a threat to the company and how compensating or mitigating processes affect that risk.
  • Provide guidance on IT Security Requirements during Contract negotiation discussions.


  • 2+ years of IT Security Assessment and/or IT Audit experience.
  • A basic understanding of how to read and interpret the results of audit reports (SSAE16, PCI ROC, etc.), security assessments (penetration tests, vulnerability scans, etc.), and/or continuity tests (Disaster Recovery, Business Continuity, Security Incident, etc.).
  • Understanding and knowledge of information security standards and laws (e.g., ISO 27001/27002, NIST, FFIEC, etc.), and commonly used concepts, practices and procedures within the information security and privacy field.
  • Bachelor’s degree in Computer Science, MIS, Information Systems, or related discipline.
  • Professional certification, such as CISA, CRISC, or CISSP, preferred.
  • Excellent communication skills, with the ability to write, speak and present to all levels of management.
  • Strong organizational ethic to manage a large volume of competing tasks effectively.
  • Direct experience developing, implementing, and improving technology controls in a corporate environment.


At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.



MetLife is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is MetLife's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

MetLife maintains a drug-free workplace.

For immediate consideration, click the Apply Now button. You will be directed to complete an on-line profile. Upon completion, you will receive an automated confirmation email verifying you have successfully applied to the job.

Requisition #: 37581 
