Apply on Employer Site

New York Life Insurance Company · 4 days ago

Corporate Vice President - Technology and Cybersecurity Assessment & Oversight (TCAO) Manager

United States

Full-time

Remote

Senior Level, Lead/Staff

$130K/yr - $185K/yr

8+ years exp

New York Life Insurance Company is a long-established firm focused on financial security and risk management. They are seeking a Corporate Vice President to lead the Technology and Cybersecurity Assessment & Oversight team, responsible for managing the organization's risk frameworks and methodologies while ensuring compliance with policies and regulatory standards.

FinanceFinancial ServicesInsurance

H1B Sponsor Likely

Responsibilities

Maintain, enhance, and govern the enterprise Technology and Cybersecurity Risk framework to ensure alignment with New York Life policies, standards, industry frameworks and best practices, and regulatory expectations

Develop, update, and document risk assessment methodologies, including inherent risk, control effectiveness, and residual risk models

Ensure risk frameworks and methodologies evolve to address emerging technologies and risks, including Cloud computing, Artificial Intelligence, data security risks, etc

Monitor industry trends, regulatory guidance, and leading practices to continuously strengthen risk assessment approaches

Apply risk models consistently to calculate inherent and residual risk and support risk-based decision-making

Produce timely, accurate, and insightful risk reporting for senior management, risk committees, and technology leadership

Translate complex technical risks into clear, actionable insights for non-technical stakeholders

Provide risk-prioritized recommendations that support informed technology and business decisions

Serve as a trusted risk advisor to Technology, Cybersecurity, and business partners

Own and maintain the IT Risk and Controls Catalog, ensuring risks, controls, and control mappings remain accurate, complete, and current

Partner with Technology and Cybersecurity teams to validate risk and control definitions and ensure consistency across control frameworks

Align the catalog with relevant regulatory, industry, and internal control requirements (e.g., NIST, ISO, CSA, internal standards)

Provide independent risk oversight of targeted technology controls and IT project implementations

Partner with Risk and Technology teams to manage and execute targeted technology and cybersecurity risk and control assessments, ensuring scope, testing approaches, and conclusions are risk-based and defensible

Evaluate the design and operating effectiveness of key technology and cybersecurity controls

Ensure identified issues are clearly documented, risk-rated, and aligned to enterprise issue management standards

Identify opportunities to streamline, automate, and enhance risk assessment processes and reporting

Contribute to the ongoing maturity of the Technology and Cybersecurity Risk program through improved tooling, metrics, and analytics

Promote a strong risk culture by embedding risk considerations into technology planning and execution

Qualification

IT Risk AssessmentCybersecurity FrameworksRisk ReportingControl EvaluationsCloud ComputingArtificial IntelligenceRisk Management ExperienceRegulatory ComplianceCISSP CertificationPartnership BuildingMicrosoft Office SuiteInterpersonal CommunicationOrganizational SkillsTeam CollaborationWriting Skills

Required

At least 8 years with strong IT and cybersecurity risk assessment experience

Prior risk management, audit and/or consulting experience

Prior experience with designing and maintaining technology risk frameworks, with a strong understanding of key industry control frameworks (e.g., NIST CSF, ISO 27000, CSA CCM, CIS Controls, NIST AI, OWASP LLM Top 10, etc.)

Prior experience in managing, performing and documenting business, technology and cybersecurity process walkthroughs, designing and executing control evaluations, analyzing results and providing recommendations

Bachelor's degree in information technology/systems, Cybersecurity, Risk Management, Business Management, Finance, or related field

Strong knowledge and understanding of cybersecurity, systems architecture, infrastructure, security and applications

Ability to communicate IT Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them

Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed

Ability to work with team members and stakeholders in resolving issues and providing recommendations

Excellent interpersonal communication, writing and organizational skills

Ability to build partnerships and add value across businesses, technology groups, levels and disciplines

Proficient in Microsoft Office Suite

Familiar with using ChatGPT, MS CoPilot, Gemini and other AI assistants

Preferred

Certifications CISSP, CISM, CCSP, CRISC or CISA preferred

Familiar with relevant regulatory requirements (e.g., HIPAA, NYS DFS Cyber Regulation, etc.)

Benefits

Leave programs

Adoption assistance

Student loan repayment programs

Annual discretionary bonus

Incentive program

Company

New York Life Insurance Company

For over 180 years, we’ve helped turn your biggest dreams into milestones that last a lifetime.

Founded in 1845

New York, New York, USA

10001+ employees

https://www.newyorklife.com/

H1B Sponsorship

New York Life Insurance Company has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (149)

2024 (99)

2023 (85)

2022 (77)

2021 (48)

2020 (65)