Share this Job

Leader of Cybersecurity Technology

Req Id:  2762
Job Location: 

Charlotte, NC, US, 28277

Brighthouse Financial is on a mission to help people achieve financial security. As one of the largest providers of annuities and life insurance in the U.S., we specialize in products designed to help people protect what they’ve earned and ensure it lasts. We are built on a foundation of experience and knowledge, which allows us to keep our promises and provide the value they deserve.

 

At Brighthouse Financial, we’re fostering a culture where diverse backgrounds and experiences are celebrated, and different ideas are heard and respected. We believe that by creating an inclusive workplace, we’re better able to attract and retain our talent, provide valuable solutions that meet the needs of our advisors and their clients, and deliver on our mission of helping more people achieve financial security. We’re seeking passionate, high-performing team member to join us. Sound like you? Read on.

 

How This Role Contributes to Brighthouse Financial:

Brighthouse Financial formally separated from MetLife in August, 2017. Since that time, the organization has established independent capabilities across business functions, operations, and technology. In creating these independent capabilities, Brighthouse has pursued a cloud-based, largely software-as-a-service technology platform. Brighthouse’s Information Security organization, also established during this time and led by the Chief Information Security Officer (“CISO”), is tasked with securing the technology services and data assets in this platform.

 

Reporting to the CISO, the Leader of Cybersecurity Assurance and Resilience will provide leadership over the design and implementation of Cybersecurity capabilities at Brighthouse. The individual will also define, and lead implementation of information security standards aligned to the NIST Cyber security framework for capabilities related to data security, email protection, end-point protection, application security, network security, cloud (IaaS, SaaS) security, and privileged access. S/he will manage associated programs and develop and implement required processes, procedures and tools to deploy these standards. In defining and implementing these NIST-based security standards, this individual will also provide overviews to Brighthouse’s IT Risk Director to allow for assessment of the completeness and effectiveness of these standards.

 

S/he will serve as the principal liaison to managed security service providers, third-party security vendors, and Brighthouse’s technology infrastructure teams. S/he will serve as a liaison with project teams in those groups to design and implement security controls developed by the information security organization. It is, therefore, critical that this individual have at least working knowledge of other technology functions (e.g., technology infrastructure, business platforms) and has demonstrated strong collaboration across these types of teams previously.

 

Key Responsibilities:

 

Oversight and management security architecture, engineering and build out of preventative information security capabilities:

  • Define, develop and implement data security standards including data classification, encryption, data loss prevention, data access governance for structure and unstructured data and monitoring to prevent data related security incidents
  • Define, develop and implement end-point security standards including personal firewall, personal proxy, cloud access governance, host-based security controls such as anti-virus, disk encryption, and privileged access management
  • Define and develop standards for end-point detection and response (EDR) capability to protect servers and end-user workstations from cyber threats. As appropriate, provide inputs into teams responsible for the deployment of these capabilities (e.g., technology infrastructure)
  • Collaborate with enterprise architecture to define, and improve enterprise security architecture, align enterprise architecture to enable the information security strategy and emerging risks
  • Manage a small team of security engineers to ensure proper implementation and operational readiness of security capabilities to be managed by third-party service providers.
  • Define the application security standards and collaborate with project team to ensure adoption of these standards within the software delivery lifecycle (“SDLC”). Ensure the appropriate stage gates are in place throughout the SDLC to establish proper security controls, and that evidence is produced showing those controls have been met.
  • Provide to project and operational teams security advice, guidance, technical expertise and risk analysis as well as support with remediation requirements.
  • Define metrics, gather and regularly report to CISO on operating effectiveness of information security controls managed by MSP and other IT partners

 

Leadership Competencies:

  • Thinks Strategically – Sets direction aligned to the company’s business and security strategy, applying external and global perspective to meet our needs.
  • Technical Leadership - Nurtures/enforces and monitors the product technical excellence and high quality, cultivates team spirit, team work and desire for innovative solutions.
  • Creates Partnerships – Authentically builds trusted relationships and collaborates across diverse and multi-functional internal and vendor teams to successfully drive business objectives.
  • Models our Values – Creates a culture that promotes the company’s values and standards through role modeling, accountability and ownership of decisions.
  • Drives Results – Sets aggressive goals and is accountable for continuously driving improved performance, leading change and ensuring high standards.

 

Essential Business Experience and Technical Skills:

  • Intelligent and persuasive leader with good interpersonal, verbal and written communication and presentation skills.
  • 10-15 years of broad technology experience in application development and infrastructure services with a strong record of success in managing information security. Specific focus on incident detection and response, auditing and risk management preferred. Should have experience managing complex information technology programs, preferably within the financial services or information security industries.
  • Accomplished and effective change leader with people management responsibility and ability to implement and drive adoption of risk management programs as required for Brighthouse Financial.
  • Manages across vendor sourced solutions and consultants, ensuring vendor performance and deliverables meet specifications. Must direct members across the organization, ensuring alignment of resources across functions and matrix. Creative, innovative and thorough approach with the ability to operate autonomously.
  • Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT) and Legislative and Regulatory and Industry Compliance Requirements (Sox, PCI, HIPPA, etc.).
  • Bachelor’s degree and/or related field experience required, MBA or other advanced degree preferred.

 

Travel:

 

 

Up to 10%