IT Risk Management is a global organization that plays an important role in partnering with the business, IT, operations, and audit to ensure that management anticipates, recognizes, and appropriately manages risks. The IT Risk PCI Specialist has responsibility for the delivery and participation in implementing, managing and enforcing PCI compliance regulations, IT Assurance Testing, IT Audit Support and Facilitation, and other IT Risk Management assignments.
Support activities include the following:
Reviews of Information Technology (IT) Risk and Security processes/practices to ensure compliance with MetLife Policy, use of compliant best practices, procedural efficiency and accuracy;
Coordination and execution of annual PCI compliance assessments.
Participates consultatively in developing issue resolutions to the extent possible.
Conducts or assists in the conduct of quality assurance testing of the enterprise's operational and information systems' controls.
Participate in the PCI compliance program through the execution (individually or as part of a team) of both internal and external assessments.
Provide Process and Control Owners with feedback on assessments of their processes and controls including recommendations to ensure risks are identified, understood and managed.
Conduct detailed data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance.
Collection and quality assurance of evidence, penetration testing and observations associated with global PCI compliance related activities.
Essential Business Experience and Technical Skills:
3-5 years’ experience in IT audit, IT, or IT Risk/Security
Possesses basic to intermediate-level understanding of IT general controls (security, change management, disaster backup recovery, data center, etc.), cybersecurity, privacy, and IT regulatory risks and controls.
Possesses fundamental understanding of PCI DSS framework.
Strong written and verbal communication skills, including listening and interviewing skills.
Earned or working towards CISA, CISSP or CISM certification.
PCI ISA or QSA designation
Possesses experience in IT, Information Security or IT Audit in a large, complex organization
Internal Number: 114648
At MetLife, we put customers at the absolute center of everything we do. In fact, we believe technology will transform the customer experience and are investing nearly $300 million in new technologies that will help us innovate and develop new products and services to better serve our customers. We're actively seeking world-class talent for the GTO division, building a diverse, global and highly skilled workforce that is passionate about the same things we are — pushing ourselves to learn and grow, to be efficient, to share experiences and knowledge and to collaborate as a global team.