
Consultant, IT Risk Governance

Cary, NC
**Job Location:** United States : North Carolina : Cary

A candidate has been identified

**Role Value Proposition:**

This position will be part of the IT Risk Management group in IT Risk & Security, and is responsible for managing the application, infrastructure and control scope for an annual SOC2 report that will be produced over MetLife's IT services in alignment with the Company's IT Process, Risk, and Control (PRC) framework. This role will also be responsible for performing annual readiness testing to confirm that controls are operating effectively in advance of formal external audit activities. Candidates will be expected to interact with IT leadership and points of contact within IT to monitor control ownership and documentation, as well as extensive coordination with external auditors to ensure successful testing and reporting on a defined timeline. It is expected that this role will operate largely independently and provide regular status updates on all activities on a weekly basis to immediate management and may be required to report on a periodic basis to IT senior leadership.

Candidates will need to understand all parts of the typical IT audit process and be prepared to make compelling arguments in areas of scoping, controls design and operating effectiveness. Given the amount of coordination and reporting necessary, ideal candidates will be very organized and capable of working against a project plan with many concurrent workstreams. Communication and presentation skills will be necessary to provide reports to several layers of management and to collaborate with internal and external audit. Experience with documenting and testing the trust principles that are part of SOC2 is preferred. Coordination will be necessary with the other IT audits occurring in parallel to this report with the same external auditor. Exceptions identified during testing will require persistent follow-up between reports, which will involve teaming with the IT Risk Guidance team.

**Key Responsibilities:**

+ Identify and manage the IT controls required for the SOC2 report in alignment with Company IT PRC

+ Maintain formal listing of in-scope systems and infrastructure to ensure proper scoping

+ Perform initial testing of all controls in scope for report on an annual basis

+ Facilitate audit activities to produce the SOC2 report annually

+ Report to management on status and results of readiness and formal audit activities

+ Maintain constant contact with control owners to monitor for changes.

+ Support the IT Risk Governance team in implementing a consistent and well documented IT control framework across the enterprise

**Essential Business Experience and Technical Skills:**

_Required_

+ 4+ years of experience in IT Audit required

+ 2+ years of experience working in IT in Security or IT Risk

_Preferred_

+ Experience auditing the controls required for a SOC2

+ Experience with industry risk and control standards (ISO, NIST, COBIT, etc.)

+ Strong verbal and written communication and presentation skills

+ Effective project management skills to execute multiple separate work streams at one time

+ CISA, CPA, and/or CRISC Certification

**At MetLife, we're leading the global transformation of an industry we've long defined. United in purpose, diverse in perspective, we're dedicated to making a difference in the lives of our customers.**

MetLife is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is MetLife's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

MetLife maintains a drug-free workplace.

**For immediate consideration, click the Apply Now button. You will be directed to complete an on-line profile. Upon completion, you will receive an automated confirmation email verifying you have successfully applied to the job.**

Requisition #: 87023


  • Accounting
  • Financial Services
  • Legal
