Corporate Vice President - Technology and Cybersecurity Assessment & Oversight (TCAO) Manager jobs in United States

Apogem Capital · 3 hours ago

Corporate Vice President - Technology and Cybersecurity Assessment & Oversight (TCAO) Manager

Apogem Capital is part of New York Life, and they are seeking a Corporate Vice President - Technology and Cybersecurity Assessment & Oversight (TCAO) Manager to play a pivotal role in safeguarding the company's strategic goals. The role involves analyzing and mitigating potential risks, maintaining the IT Risk and Controls Catalog, and providing governance over technology and cybersecurity risks.

Financial Services
H1B Sponsor Likely

Responsibilities

Maintain, enhance, and govern the enterprise Technology and Cybersecurity Risk framework to ensure alignment with New York Life policies, standards, industry frameworks and best practices, and regulatory expectations
Develop, update, and document risk assessment methodologies, including inherent risk, control effectiveness, and residual risk models
Ensure risk frameworks and methodologies evolve to address emerging technologies and risks, including Cloud computing, Artificial Intelligence, data security risks, etc
Monitor industry trends, regulatory guidance, and leading practices to continuously strengthen risk assessment approaches
Apply risk models consistently to calculate inherent and residual risk and support risk-based decision-making
Produce timely, accurate, and insightful risk reporting for senior management, risk committees, and technology leadership
Translate complex technical risks into clear, actionable insights for non-technical stakeholders
Provide risk-prioritized recommendations that support informed technology and business decisions
Serve as a trusted risk advisor to Technology, Cybersecurity, and business partners
Own and maintain the IT Risk and Controls Catalog, ensuring risks, controls, and control mappings remain accurate, complete, and current
Partner with Technology and Cybersecurity teams to validate risk and control definitions and ensure consistency across control frameworks
Align the catalog with relevant regulatory, industry, and internal control requirements (e.g., NIST, ISO, CSA, internal standards)
Provide independent risk oversight of targeted technology controls and IT project implementations
Partner with Risk and Technology teams to manage and execute targeted technology and cybersecurity risk and control assessments, ensuring scope, testing approaches, and conclusions are risk-based and defensible
Evaluate the design and operating effectiveness of key technology and cybersecurity controls
Ensure identified issues are clearly documented, risk-rated, and aligned to enterprise issue management standards
Identify opportunities to streamline, automate, and enhance risk assessment processes and reporting
Contribute to the ongoing maturity of the Technology and Cybersecurity Risk program through improved tooling, metrics, and analytics
Promote a strong risk culture by embedding risk considerations into technology planning and execution

Qualifications

IT Risk Assessment, Cybersecurity Frameworks, Risk Reporting, Cloud Computing, Artificial Intelligence, Risk Management, CISSP Certification, Microsoft Office Suite, Communication Skills, Interpersonal Skills, Organizational Skills

Required

At least 8 years of strong IT and cybersecurity risk assessment experience
Prior risk management, audit and/or consulting experience
Prior experience with designing and maintaining technology risk frameworks, with a strong understanding of key industry control frameworks (e.g., NIST CSF, ISO 27000, CSA CCM, CIS Controls, NIST AI, OWASP LLM Top 10, etc.)
Prior experience in managing, performing and documenting business, technology and cybersecurity process walkthroughs, designing and executing control evaluations, analyzing results and providing recommendations
Bachelor's degree in information technology/systems, Cybersecurity, Risk Management, Business Management, Finance, or related field
Strong knowledge and understanding of cybersecurity, systems architecture, infrastructure, security and applications
Ability to communicate IT Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
Ability to work with team members and stakeholders in resolving issues and providing recommendations
Excellent interpersonal communication, writing and organizational skills
Ability to build partnerships and add value across businesses, technology groups, levels and disciplines
Familiar with relevant regulatory requirements (e.g., HIPAA, NYS DFS Cyber Regulation, etc.)
Proficient in Microsoft Office Suite
Familiar with using ChatGPT, MS CoPilot, Gemini and other AI assistants

Preferred

Certifications CISSP, CISM, CCSP, CRISC or CISA preferred

Benefits

Leave programs
Adoption assistance
Student loan repayment programs

Company

Apogem Capital

Apogem Capital is an alternatives investor, with decades of experience investing in the middle market.

H1B Sponsorship

Apogem Capital has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2024 (1)
2022 (1)

Funding

Current Stage
Growth Stage

Leadership Team

Josh Niedner
Chief Executive Officer
Company data provided by Crunchbase