Cybersecurity Governance Specialist

Req Id:  2905
Job Location: Charlotte, NC, US, 28277

Brighthouse Financial is on a mission to help people achieve financial security. As one of the largest providers of annuities and life insurance in the U.S., we specialize in products designed to help people protect what they’ve earned and ensure it lasts. We are built on a foundation of experience and knowledge, which allows us to keep our promises and provide the value they deserve.


At Brighthouse Financial, we’re fostering a culture where diverse backgrounds and experiences are celebrated, and different ideas are heard and respected. We believe that by creating an inclusive workplace, we’re better able to attract and retain our talent, provide valuable solutions that meet the needs of our advisors and their clients, and deliver on our mission of helping more people achieve financial security. We’re seeking a passionate, high-performing team member to join us. Sound like you? Read on.


How This Role Contributes to Brighthouse Financial:

Three lines of defense: The way it’s supposed to work

  • The First Line of Defense - The business line “owns” its risk, insofar as it acknowledges and manages the risk it incurs in pursuing its activities. This entails evaluating and monitoring controls for User Provisioning, Segregation of Duties, and Security Administration.
  • The Second Line of Defense - This governance and risk management function is responsible for further identifying, assessing, monitoring, and reporting risk on an enterprise-wide basis independent of the first line of defense. The IT governance function is considered part of the second line of defense.
  • The Third Line of Defense - The internal audit function conducts risk-based and general audits and reviews to reassure the board that the overall governance framework, including the risk governance framework, is effective and that policies and processes are in place and consistently applied.

We are searching for an Associate to align with our Second Line of Defense responsibilities.


Work Location:

To protect the health and safety of our employees, our offices are closed until at least May 2021. When our offices reopen, the individual hired for this role will be based in our Charlotte, NC office.


Key Responsibilities:

  • Produce reports for KRIs and KPIs for measuring and monitoring cyber risks on a continuous basis.
  • Provide and perform independent assurance and validation activities over common cybersecurity controls, both administrative and technical.
  • Become aware of the critical and highly sensitive processes and controls.
  • Support selected cybersecurity remediation efforts and take part in strategic planning with 1LOD.
  • Assess the accuracy, completeness, and sufficiency of the risk management governance framework, processes and methodologies. Identify and define emerging cyber threats and risks to the environment.
  • Proactively manage open issues to facilitate their timely resolution. Special focus would be given to issues meeting the following criteria:
    • Mission-Critical issues
    • Past-due issues (Mission-Critical, High, Medium, and Low)
    • High, medium and low-importance issues with due dates within the next month
    • Issues would be discussed during the weekly team meeting.
  • Provide governance, oversight, and a credible challenge to the process and risk decisions associated with a multi-vendor approach.


Essential Business Experience and Technical Skills:

  • Solid foundation in information technology and information security principles. Familiar with common cybersecurity frameworks and standards such as PCI DSS, ISO 27000 series, CIS Security Controls, NYDFS, and/or NIST Framework for Improving CIS.
  • Requires a broad understanding of technical security concepts and familiarity with related technologies, as well as a solid conceptual knowledge of enterprise IT system operations.
  • Communicates in a timely and straightforward manner.
  • Probes for additional information, clarifies assumptions and confirms agreed-upon actions.
  • Keeps everyone involved informed about progress and issues.
  • Communicates the importance and benefits of risk management to counterparts.
  • Ability to analyze root causes of cybersecurity issues and document remediation.
  • High degree of initiative, dependability and ability to work with little supervision.
  • Analyzes documentation for evidence of successful and efficient performance.
  • Executes risk management process and procedures without management direction and demonstrates awareness of expected results.
  • Understands regulations impacting supported areas.
  • Follows through to meet commitments to others.
  • Knows who to reach out to inside and outside of one’s team to get work done.
  • Assists in the collection and initial analysis of data and the preparation of business owner control surveys.
  • Develops training on policies and procedures concerning controls and risk management.
  • Reports audit results and determines corrective action plans, as necessary.
  • Reviews current policies and procedures to identify process gaps and opportunities for improvement.
  • Works with the business to understand the controls currently in place to minimize risk.
  • Ability to build credibility with, collaborate with, and influence line of business solution owners.
  • Stays current with industry and regulatory trends and emerging risk issues.
  • Excellent written and verbal communication skills.
  • Proficient in common cybersecurity domains: data protection, access control, encryption, identity management, security operations, application security, penetration tests, end-point security, vulnerability management, threat intelligence, risk assessment.
  • Proficient in Excel, Word, PowerPoint, Outlook, SharePoint.


Our Benefits:

  • Time Off: Minimum of 20 days of paid time off and 13 paid company holidays per full calendar year, plus paid volunteer time
  • Financial Benefits: 401(k) savings plan with up to a 6% annual match and 3% annual company nondiscretionary contribution of eligible compensation, annual incentive plan, and employee stock purchase plan
  • Family Focus: Up to 16 weeks of paid leave for new parents, back-up care program, dependent care flexible spending account, and adoption and surrogacy assistance
  • Health and Welfare: Competitive medical, vision and dental plans, plus tax-free health savings accounts with potential company contributions up to $1,000 per family
  • Wellness Programs: Wellness incentive platform, employee assistance program, financial counseling services, fitness center discounts and more
  • Life & Disability Benefits: Company-paid basic life insurance and short-term disability



Less than 5%


Number of Openings:



