IT Risk and Cybersecurity Specialist

  • Competitive
  • Jersey City, NJ, United States
  • Permanent, Full-time
  • New York Life Insurance Company
  • Oct. 20, 2017

New York Life Insurance Company ("New York Life" or "the company") is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterrey New York Life in Mexico.

New York Life is one of the most financially strong and highly capitalized insurers in the business. The company reported 2016 operating earnings of $1.954 billion. Total assets under management at year end 2016, with affiliates, totaled $538 billion. As of year-end 2016, New York Life's surplus was $23.336 billion**. New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody's Aaa; Standard & Poor's AA+. (Source: Individual Third Party Ratings Report as of 8/17/16).

Financial strength, integrity and humanity, the values upon which New York Life was founded, have guided the company's decisions and actions for over 170 years.

The IT Risk and Cybersecurity Specialist is a member of the IT Risk and Controls Assessment team. The Risk and Controls Assessment team is responsible for managing the New York Life IT Risk and Control Framework as well as providing governance and oversight of the assessments performed by the first line of defense teams. This individual will also be responsible for conducting independent risk and control assessments across all technology layers and validating whether action plans being implemented by the first line of defense teams adequately address cybersecurity risks.

Main responsibilities include:

  • Act as the primary liaison to work with NYL Technology and Subsidiaries on IT Risk and Control initiatives
  • Oversee the execution of the IT Risk and Controls Self Assessment Program (RCSA) processes for applications, infrastructure and processes
  • Perform evidence based assessments of applications, infrastructure and processes
  • Provide advice and recommendations to business leaders for decisions regarding Criticality, Inherent, and Residual Risk scoring
  • Oversee the maintenance of a consolidated IT risk control framework
  • Monitor the implementation of controls for technology and business project plans
  • Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments
  • Validate asset and control risk remediation actions for completeness and sustainability
  • Conduct analysis of assessment results to identify recurring risk themes
  • Improve and develop reporting of risk and control metrics
  • Act as the first escalation point for risks and issues interacting with the business
  • Escalate issues to senior management and the IT Risk Assessments Lead as appropriate
  • Make moderate IT risk and business decisions, working with other IT groups to ensure solid cross-functional decisions are made as a team
  • Work as a member of the team, performing functions such as point of contact for questions on risk assessments, control deficiencies, policies, etc., and providing other necessary activities to ensure the success of the IT Risk and Control program

  • 3-5 years
  • BA/BS required in Computer Information Systems, Business, Finance, or related field
  • CISSP, CISM, CRISC, CISA preferred
  • Prior risk management and/or consulting experience
  • Moderate understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, etc.).
  • Moderate level knowledge and understanding of systems architecture, infrastructure, security and applications
  • Prior participation in planning, organizing, and conducting detailed IT Risk and Control Reviews
  • Prior participation in performing and documenting business process and technology process walkthroughs
  • Prior participation in creating testing procedures and documenting substantive testing performed
  • Prior participation in performing application and infrastructure layer control assessments
  • Ability to work with team members and stakeholders in resolving issues and providing solutions
  • Ability to make tactical decisions in the implementation of the Risk and Controls Assessment process
  • This individual requires strong personal, communication, writing and organizational skills as they will be working closely with technology stakeholders across the organization.
  • Ability to communicate IT Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
  • Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed


* Based on revenue as reported by "Fortune 500, ranked within Industries, Insurance: Life, Health (Mutual)," Fortune Magazine, June 17, 2016. See for methodology.
** Total surplus, which includes the Asset Valuation Reserve, is one of the key indicators of the company's long-term financial strength and stability and is presented on a consolidated basis of the company.
1. Operating earnings is the key measure used by management to track the Company's profitability from ongoing operations and the underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US (GAAP), with certain adjustments the Company believes to be appropriate as a measurement approach (non-GAAP), primarily the removal of gains or losses on investments and related adjustments.
2. Assets under management represent Consolidated Domestic and International insurance Company Statutory assets (cash and invested assets and separate account assets) and third party assets principally managed by New York Life Investment Management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.