Brighthouse Financial is seeking a Chief Security Officer who is passionate about the company’s mission. Reporting to the Chief Technology Officer of Brighthouse Financial, the Chief Information Security Officer (CISO) will ensure information security compliance and a strong supporting enterprise risk management and governance framework. The CISO is responsible for the safeguarding of all company information technology assets across all platforms (technology platforms, data centers, and data and records storage), locations (Brighthouse Financial, significant affiliated companies and outsourced technology and business operations) and all technology and security stakeholders / customers.
The scope of the CISO role includes the establishment of a complete vision for security practices and the establishment / management of policies, procedures, guidelines, standards, compliance frameworks, compliance models, risk analysis, risk assessments, acceptance processes, technical architecture, information security solutions and executive “State of the Information Security Program” reporting. The CISO must effectively demonstrate the ability to educate and train stakeholders, building awareness programs and a security mindset / culture from top to bottom, and conducting exercises that reinforce security behaviors and ensure strong risk management processes.
- The CISO will also be responsible for collaborating with Brighthouse Financial’s governance, audit, and infrastructure management functions to establish and regularly test business resiliency processes and procedures. This will include ensuring proper prioritization of business, technology, and operations functions; confirming the presence of proper backup and recovery mechanisms; and regular testing of business continuity processes.
- Ownership of the Information Security Compliance Vision, Strategy and Assurance for Brighthouse Financial, including:
- Evaluation and interpretation for Brighthouse Financial of Industry Best Practices (NIST, ISO, SANS, COBIT, CERT) and Compliance Requirements (Legislative, Regulatory – SOX, PCI, HIPAA, etc.).
- As appropriate - ownership, sponsorship, management, support and supervision of information security assessments, audits and ongoing monitoring
- Information security threat and vulnerability management, incident reporting, event management, event investigation and analysis
- Ownership of the information security remediation project portfolio
- Overall stewardship and sponsorship for Brighthouse Financial’s Enterprise IT Risk strategy
- Ensuring that third party technology vendors are adhering to Brighthouse Financial’s security standards and practices, and that they can provide evidence of regular testing against those standards.
- Ownership of the portfolio of Information Security Policies, Procedures, Guidelines and Standards, including development, maintenance, communication and training.
- Ownership of the Information Security Architecture including all information security (technical, process) activities across all domains of information security: access control, connectivity/communications, security management, AD security, cryptography, operations, resiliency, designs and models, event management and physical security for Brighthouse Financial facilities, all data and third-party risk management to outsourced business and technology operations.
- Ownership of Business Operations and Technology Organizational Resiliency Assurance across organizational resiliency lifecycle functions from planning to training and education across all organizational resiliency domains in partnership with business leaders.
- Support for Technology Strategic Initiatives including the application and infrastructure establishment and simplification, strategic change management, merger and acquisition activity, etc.
- Intelligent, articulate and persuasive leader with excellent interpersonal, verbal and written communication and presentation skills. Must serve as an effective member of the senior management team with the ability to communicate security-related concepts, state of security and risks, what a cost effective program looks like and their role in it - to a broad range of stakeholders including: a Board of Directors, senior business executives, technical and non-technical staff / associates, customers, business partners, vendors, etc.
- 15+ years of broad technology experience in application development and infrastructure services with a strong record of success in managing information security. Specific focus on resiliency / continuity planning, auditing and risk management preferred. Should have experience managing complex information technology programs, preferably within the financial services or information security industries.
- Accomplished and effective change leader with people management responsibility and ability to implement and drive adoption of risk management programs as required for Brighthouse Financial. Manages across vendor sourced solutions and consultants, ensuring vendor performance and deliverables meet specifications. Must direct members across the organization, ensuring alignment of resources across functions and matrix. Creative, innovative and thorough approach with the ability to operate autonomously.
- Deep working knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT) and Legislative, Regulatory and Industry Compliance Requirements (SOX, PCI, HIPAA, etc.).
- Bachelor’s degree and related field experience required, MBA or other advanced degree preferred.
- Thinks Strategically – Sets direction aligned to the company’s strategy, applying external and global perspective to meet local and global needs.
- Creates Partnerships – Authentically builds trusted relationships and collaborates across global, diverse and multi-functional teams to successfully drive business objectives.
- Models our Values – Creates a culture that promotes the company’s values and standards through role modeling, accountability and ownership of decisions.
- Drives Results – Sets aggressive goals and is accountable for continuously driving improved performance, leading change and ensuring high standards.
- Reports to: SVP/CIO
- Direct reports/team: TBD
- Key Stakeholders: Business Unit Leaders, Technology Leadership Team, CEO
In January 2016, MetLife announced a plan to pursue the separation of a substantial portion of its U.S. Retail segment. The new company, Brighthouse Financial, will be a major U.S. life insurance and annuity company, with $240 billion of total assets and approximately 2.6 million insurance policies and annuity contracts.
Brighthouse Financial will serve customers the way they want, need and deserve. It will focus on eliminating the complexity, confusion and cost that can get in the way of many Americans who are seeking financial security. We will bring products to the market that add value to our customers’ lives, and will be guided by a common set of values that focus on the customer and drive accountability.
MetLife is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is MetLife's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
MetLife maintains a drug-free workplace.
For immediate consideration, click the Apply Now button. You will be directed to complete an on-line profile. Upon completion, you will receive an automated confirmation email verifying you have successfully applied to the job.