Job Description
Cybersecurity GRC Specialist at MetLife Legal Plans
The Cybersecurity GRC Specialist is responsible for managing and strengthening MetLife Legal Plans' Technology Governance, Risk, and Compliance (GRC) program. This role helps ensure the organization effectively identifies, assesses, and mitigates technology and cybersecurity risks while maintaining compliance with regulatory requirements, industry standards, and internal policies.
This individual plays a key role in protecting MetLife Legal Plans’ information assets by developing and maintaining risk management frameworks, overseeing security and compliance initiatives, and partnering with technology, legal, and business teams to integrate security best practices across the organization.
The Cybersecurity GRC Specialist also supports the organization’s Third-Party Risk Management (TPRM) program, ensuring that vendors, partners, and sponsors meet required security and risk standards before and during their engagement with the organization.
A successful candidate will have a strong background in IT risk management, cybersecurity, and information security governance, along with the ability to communicate effectively with both technical and non-technical stakeholders. Staying informed about emerging threats, evolving regulatory requirements, and industry best practices is essential to this role.
A Day in the Life of a Cybersecurity GRC Specialist at MetLife Legal Plans
- Risk Management Leadership
  - Support the development and ongoing maturity of MLP's IT risk management framework
  - Conduct and oversee risk assessments to identify potential threats, vulnerabilities, and business impacts across systems and data environments
- Security Policy Development
  - Contribute to the development, maintenance, and enforcement of IT security policies, standards, and procedures
  - Ensure policies align with regulatory requirements, internal governance standards, and industry best practices
- Security Architecture and Design
  - Provide guidance on secure system and application design
  - Partner with IT teams to ensure security controls are incorporated into infrastructure, systems, and application development
- Security Awareness and Training
  - Support the development and delivery of security awareness programs for employees
  - Promote a culture of security and risk awareness across the organization
- Incident Response Support
  - Assist in the development and maintenance of incident response procedures
  - Participate in security incident investigations and response coordination as needed
- Compliance Oversight
  - Help ensure IT systems and security practices comply with applicable laws, regulations, and industry standards
  - Support internal and external audits and assist with remediation efforts when needed
- Third-Party Risk Management (TPRM)
  - Review vendor security documentation, certifications, and controls to ensure alignment with MLP security standards
  - Partner with procurement, legal, and technology teams to manage vendor risk throughout the vendor lifecycle
  - Support the continuous improvement of MLP's third-party risk management program
- Security Technology Evaluation
  - Evaluate security technologies, tools, and solutions to strengthen the organization's security posture
  - Stay informed on emerging cybersecurity trends and recommend improvements where appropriate
- Collaboration with IT Teams
  - Work closely with IT teams including infrastructure, application development, and network security
  - Provide guidance on security best practices and assist with implementing appropriate controls
- Security Risk Communication
  - Communicate technology and security risks to leadership and key stakeholders
  - Translate technical security concepts into clear business impact and risk language
- Security Questionnaire & Audit Management
  - Review and respond to security questionnaires from clients, sponsors, and partners
  - Evaluate vendor and partner security responses to assess risk exposure
  - Support internal and external audit activities, including documentation preparation and evidence collection
  - Partner with internal teams to address audit findings and strengthen controls
- Contract and Security Requirement Review
  - Support contract reviews to ensure appropriate security and risk management provisions are included
  - Collaborate with legal, procurement, and technology teams to align vendor agreements with security standards
- Continuous Improvement
  - Contribute to the ongoing improvement of MLP's risk, security, and governance programs
  - Identify opportunities to enhance processes, controls, and risk visibility across the organization
Position Requirements
- 5+ years of experience in IT Governance, Risk, Compliance (GRC), cybersecurity, or information security
- Bachelor’s degree in Computer Science, Information Security, or related field preferred
- Security certifications such as CISSP, CISA, CRISC, or similar highly preferred
- Experience with Third-Party Risk Management (TPRM) programs
- Prior experience with the ISO 27001:2022 Framework
- Prior experience leading projects, initiatives, or mentoring team members preferred
- Occasional travel may be required (10% or less)
Who We Are
MetLife Legal Plans is the leading consumer legal service in the United States. Whether you are making a will after starting a family, negotiating the contract on your dream home, or just want the peace of mind of having our network of 18,000+ attorneys on your side, we make it easy and affordable to get quality legal help.
We are trusted by nearly 7 million families and more than 200 Fortune 500 companies who provide our service as an employee benefit.
It’s an exciting time to join our team. We are growing quickly and have a bold vision for our future as we evolve our company to dream bigger, move faster, and use creativity and technology to build products people love.
MLP's Success Principles
- We change and innovate for sustained performance
- We collaborate and empower each other to succeed
- We deliver for our customers
Key skills/competency
- IT GRC
- Cybersecurity Risk Management
- Compliance Frameworks (ISO 27001)
- Third-Party Risk Management (TPRM)
- Information Security Governance
- Security Policy Development
- Audit Management
- Incident Response Planning
- Security Awareness Training
- Stakeholder Communication
How to Get Hired at MetLife Legal Plans
- Research MetLife Legal Plans' culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume for GRC: Highlight your experience in IT risk management, ISO 27001, and GRC compliance.
- Prepare for GRC-specific questions: Be ready to discuss risk assessment methodologies, TPRM processes, and compliance frameworks.
- Showcase communication skills: Emphasize your ability to explain complex cybersecurity concepts to non-technical stakeholders effectively.
- Network within the industry: Connect with current and former MetLife Legal Plans employees to gain insights and potential referrals.