Brighthouse Financial is on a mission to help people achieve financial security. As one of the largest providers of annuities and life insurance in the U.S., we specialize in products designed to help people protect what theyve earned and ensure it lasts. We are built on a foundation of experience and knowledge, which allows us to keep our promises and provide the value they deserve.

At Brighthouse Financial, were fostering a culture where diverse backgrounds and experiences are celebrated, and different ideas are heard and respected. We believe that by creating an inclusive workplace, were better able to attract and retain our talent, provide valuable solutions that meet the needs of our advisors and their clients, and deliver on our mission of helping more people achieve financial security. Were seeking passionate, high-performing team member to join us. Sound like you? Read on.

How This Role Contributes to Brighthouse Financial:

Reporting into the Chief Information Security Officer (CISO) of Brighthouse Financial, the Manager of IT Risk Management will support the development, implementation and enhancements of the IT Risk Management program and framework to effectively manage risks across IT processes and systems that support business operations.

The Manager will lead a lean, cross-functional internal team that is supported by service providers. The Manager will also be responsible for collaborating with several Brighthouse Financial risk functions including cybersecurity, operational risk management, architecture, legal, compliance, third party risk management, audit functions as well as the GRC solution enablement team.

Key Responsibilities:

The Manager will be responsible for developing and implementing the strategic plan for IT Risk Management using leading practices and methodologies to support and achieve long-range organizational goals. As part of implementing and enhancing the program and framework, the Manager should:

• Serve as the primary IT Risk Management subject matter advisor for Brighthouse Financial
• Perform a semi-annual IT Risk Assessment while partnering with multiple risk functions in line with regulatory requirements (i.e. NY-DFS) to assess risk across all IT domains
• Identify specific IT Risk observations and collaborate with the risk management organization to remediate high risk issues and document results and findings in OpenPages.
• Provide guidance and direction for the IT Risk Management program, including the development and implementation of IT risk methodologies, guidelines, procedures, processes, controls, reporting and leading practices
• Ensure that such practices fully align with Company-wide Operational Risk Management practices and methods
• Develop methodology and lead effort to create Application Profiles for Brighthouses inventory of applications leveraging existing risk attributes and processes and enable within OpenPages
• Act as the IT risk management liaison between various business groups and risk functions dealing with IT risk matters
• Facilitate IT risk assessment/analysis and issues management for IT risks leveraging OpenPagesAct as governing body for IT risk monitoring of status on progress against the risk framework
• Assist with the design and coordination of IT risk reporting to Brighthouse key stakeholders and the linkages into full Company level risk reporting
• Participate actively in the Governance, Risk and Compliance (GRC) Design Group and GRC Working Group helping set requirements and drive consistent usage of the central GRC tool (OpenPages)
• Develop, implement and manage an IT Risk awareness program
• Train and develop IT Risk Management team members

Essential Business Experience and Technical Skills:

Bachelors degree in a relevant field (e.g., Information Systems, Business Administration, or related major). 6+ years of professional experience in IT Risk Management and/or IT Audit, or Risk Management broadly, particularly in the financial services industry. Ability to communicate and navigate across cross-functional teams Thorough understanding of risk management practices, including the lifecycle of risk identification, assessment, mitigation, acceptance, remediation as well as inherent and residual risks. Proven experience in planning, organizing, and developing Risk Management solutions in multiple business verticals and horizontals. Prior experience with IBMs OpenPages Risk Management tool (or similar GRC tools). Knowledge of laws, regulations, guidelines, and frameworks within the financial services industry that mandate information security and information risk management requirements such as NY-DFS, FFIEC, NIST, COBIT, ISO27001, GLBA, OCC Heightened Standards, etc. Ability to effectively oversee concurrent activities and a team of direct reports including team management and development. Enjoys working in a growth oriented, entrepreneurial, high-energy environment. Certification(s) preferred - Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC)

Travel:

Less than 5%