Associate - Risk Management

New York Life•White Plains, NY

19h•Onsite

About The Position

This role involves conducting cybersecurity risk and control effectiveness assessments for critical applications, infrastructure, and enterprise processes. The position requires performing compliance validations against controls derived from regulations such as NY DFS, SOX, and MAR, and ensuring the proper implementation of security controls through evidence analysis. A key responsibility is to streamline cybersecurity risk and control reporting by designing metrics across various cyber domains including Identity and Access Management (IAM), Vulnerability Management (VM), Logging and Monitoring (L&M), data protection, and cyber operations. The role also includes developing tableau-based dashboards for tailored audience groups, designing an AI governance model, building and maintaining backend code for metrics automation, conducting manual security testing for web applications and APIs, and aligning initiatives with business objectives. Additionally, the Associate will develop and validate sub-controls for risk and controls assessment workbooks.

Requirements

Master's degree in Cybersecurity, Computer Science or related field (willing to accept foreign education equivalent) plus two (2) years of experience as an Associate - Risk Management or related occupation conducting cybersecurity assessments, compliance management, reporting, and developing and automating security testing processes.
Alternatively, a Bachelor’s degree Cybersecurity, Computer Science or related field (willing to accept foreign education equivalent) plus four (4) years of experience as an Associate - Risk Management or related occupation conducting cybersecurity assessments, compliance management, reporting, and developing and automating security testing processes.
Utilizing cybersecurity domain knowledge including Identity and Access Management (IAM), Vulnerability Management (VM), Logging and Monitoring (L&M), data protection, and cyber operations for risk assessments and compliance validations.
Utilizing NIST Cybersecurity Framework and ISO 27001, 800-37, and 800-53 to perform assessments and contribute to the evolution of the organization’s controls library.
Conducting vulnerability assessments for web application security, cryptography, authentication and authorization protocols, automation, network security and web APIs.
Scripting in Python to automate risk management processes.
AWS Solutions Architect – Associate certification.
Certified Ethical Hacker (CEH) certification.
ISO/IEC 27001 – Information Security Management System certification.

Responsibilities

Conduct cybersecurity risk and control effectiveness assessments over critical applications, infrastructure, and enterprise processes.
Perform compliance validations against controls derived from applicable regulations (NY DFS, SOX, MAR) and ensure proper implementation of security controls through evidence analysis.
Streamline cybersecurity risk and control reporting by designing metrics across various cyber domains including Identity and Access Management (IAM), Vulnerability Management (VM), Logging and Monitoring (L&M), data protection, and cyber operations.
Develop tableau-based dashboards to publish metrics for tailored audience groups including executive, asset owners, and first and second line of defense at New York Life.
Design the AI governance model for securing AI assets of New York Life.
Build, improve and maintain the backend code for the designed metrics to automate processes and optimize workflows.
Conduct manual security testing for web applications and web services/APIs and align initiatives with business needs and contribute to the security measures that support business objectives.
Develop, validate, and actively work with the team on assessing and delivering sub-controls for risk and controls assessment workbooks.