Senior Director of Cyber Security

MetLife Legal Plans is currently hiring a Senior Director of Cyber Security for our growing Technology Department.

This position is fully remote – the ideal candidate may be located anywhere in the continental United States.

This individual will report directly into our Chief Technology Officer.

Who We Are:

MetLife Legal Plans is the country’s largest provider of legal voluntary benefits. We have more than 40 years of experience in employee legal services and are committed to providing excellent care to our plan members, sponsors and 18,000+ attorneys.

We are trusted by nearly 7 million families and more than 200 Fortune 500 companies who offer our service as an employee benefit.

It’s an exciting time to join our team. We are growing quickly and have a bold vision for our future as we evolve our company to dream bigger, move faster, and use creativity and technology to build products people love.

MLP’s Core 4:
• Put customers first
• Be the Best
• Make things easier
• Succeed together

A Day in the Life of our Senior Director of Cyber Security at MetLife Legal Plans:

We are seeking an experienced, strategic, and hands-on Senior Director of Cyber Security to lead our enterprise-wide cyber security initiatives. This role is responsible for establishing and evolving robust cyber security best practices, creating a secure digital environment, and safeguarding our critical assets. The ideal candidate will combine deep technical expertise with exceptional leadership skills to build and manage a high-performing security team that proactively addresses current threats and anticipates future challenges.

Key Responsibilities:

Develop and Execute Cyber Security Strategy:
• Design and implement a comprehensive cyber security roadmap that aligns with the overall business strategy and risk appetite.
• Establish and enforce cyber security best practices, standards, policies, and procedures across the organization.
• Align cyber security strategy with industry frameworks (e.g., NIST, ISO/IEC 27001, CIS Controls) and regulatory requirements.

Security Architecture & Governance:
• Oversee the design and maintenance of a secure, resilient IT infrastructure by integrating security into all phases of system development and deployment.
• Establish and maintain rigorous security governance by developing risk assessment methodologies, monitoring, and reporting mechanisms.
• Collaborate with IT, compliance, and legal teams to ensure robust security controls are in place and are being effectively monitored.

Risk Management & Incident Response:
• Lead the identification, evaluation, and mitigation of cyber threats and vulnerabilities across the enterprise.
• Develop and manage an incident response and business continuity strategy to ensure rapid and effective response to security breaches.
• Implement and refine proactive measures such as threat intelligence, penetration testing, vulnerability management, and continuous monitoring.

Team Leadership and Development:
• Build, mentor, and manage a world-class cyber security team, fostering a culture of continuous learning and proactive security awareness.
• Provide strategic direction, guidance, and performance management to ensure the team delivers on key security initiatives.
• Collaborate with cross-functional teams to drive a security-first mindset across the organization.

Stakeholder Engagement and Communication:
• Serve as the primary liaison with executive leadership, clearly communicating risk, security posture, and the impact of cyber security initiatives to non-technical stakeholders.
• Present regular updates and recommendations to the Board of Directors, executives, and other key stakeholders.
• Coordinate with external partners, auditors, and regulatory bodies to ensure compliance and promote industry’s best practices.

Required Qualifications:
• Bachelor’s or master’s degree in computer science, Information Security, or a related discipline.
• 8+ years of progressive experience in cyber security with a proven track record of leadership in a complex, enterprise-level environment.
• Deep expertise certifications in security architecture, risk management, incident response, and regulatory compliance (e.g., Certified Information Services Professional – CISSP, Certified Governance, Risk Management, and Compliance – CGRC, AWS Certified Solutions Architect Associate, AZ-900 Microsoft Azure Fundamentals, GDPR, HIPAA).
• Strong familiarity with industry-standard frameworks such as NIST, ISO/IEC 27001, CIS Controls, and related security methodologies.
• Demonstrated ability to design and implement robust security strategies that balance operational agility with risk management.
• Excellent communication and interpersonal skills, with the ability to translate complex technical concepts for a non-technical audience.

Preferred Qualifications:
• Professional certifications such as CISSP, CISM, CISA, CGRC or equivalent.
• Experience working in regulated industries (e.g., finance, healthcare, technology) with stringent compliance requirements.
• Proven experience in leading digital transformation initiatives with security integration.
• Hands-on experience with advanced security tools and technologies, including SIEM, threat intelligence platforms, and vulnerability management systems.

Travel:

Occasional travel is required for conferences, training, and stakeholder meetings.

Note: This job description in no way states or implies that these are the only duties to be performed by the associate in this position. Associates will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbent will possess the skills, aptitude, and ability to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an “at-will” relationship.