Cybersecurity Risk Analyst: Third-Party Risk Management

Job Description

Company: MetLife

Location: Noida, IN

Role Value Proposition

This role plays a critical part in strengthening MetLife's cybersecurity posture by identifying, assessing, and mitigating risks associated with third-party relationships.

The Cybersecurity Risk Analyst will influence risk-informed decision-making by translating complex technical risks into clear business insights for senior leadership.

Key Responsibilities

• Evaluate multiple cybersecurity risk inputs including vulnerability assessments, threat intelligence, and third-party risk reviews.

• Provide clear, risk-based recommendations on remediation strategies and next steps aligned with business priorities.

• Assess and manage emerging third-party cybersecurity vulnerabilities and associated risks.

• Partner with technology, procurement, legal, and business teams to support third-party risk management activities.

• Prepare executive-ready risk summaries and presentations for senior leadership and governance forums.

• Track remediation efforts and ensure timely risk closure in accordance with MetLife policies and standards.

• Contribute to the continuous improvement of cybersecurity risk frameworks, processes, and reporting.

Essential Business Experience and Technical Skills

• 5+ years of experience in cybersecurity risk management, third-party risk management, or a related discipline.

• Demonstrated experience evaluating complex risk scenarios and delivering actionable, business-aligned recommendations.

• Strong knowledge of third-party/vendor risk management concepts, controls, and assessment methodologies.

• Experience working with emerging vulnerabilities and evolving threat landscapes.

• Proven ability to communicate complex cybersecurity risks clearly to senior leaders and non-technical stakeholders.

• Familiarity with industry standards and frameworks such as NIST, ISO 27001, SOC 2, and FAIR.

• Strong analytical, documentation, and stakeholder management skills.

Education & Certifications

• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.

• Professional certifications such as CISSP, CISM, CRISC, or CISA are preferred.

Source: BeBee