Corporate Vice President - Technology and Cybersecurity Assessment & Oversight (TCAO) Manager

New York LifeNew York, NY
47dHybrid
Match Resume

About The Position

As part of Risk Management, you'll play a pivotal role in safeguarding New York Life's strategic goals. By analyzing and mitigating potential risks, you contribute to three crucial areas: strengthening the company's defenses, informing sound business decisions, and advancing risk capabilities across the organization. Your expertise empowers informed risk-taking, fostering sustainable growth and protecting the financial security of millions of policy owners. The Technology and Cybersecurity Assessment & Oversight (TCAO) Manager is a key member of the Technology Risk team. The team is responsible for establishing and maintaining the organization’s Technology and Cybersecurity Risk framework and methodologies, as well as providing governance and oversight of cybersecurity project implementations and technology controls. This oversight ensures that relevant risks and controls are appropriately identified, assessed, and aligned with New York Life policies, standards, and control requirements. The TCAO Manager is responsible for maintaining the IT Risk and Controls Catalog and for updating and enhancing the risk methodologies and models used to assess inherent and residual risk. The role also includes delivering timely, accurate risk reporting and providing prioritized, actionable risk recommendations to technology stakeholders. Continuous enhancement of risk frameworks and models is expected to reflect evolving technologies and emerging risks, including those related to Cloud computing and Artificial Intelligence. In addition, the TCAO Manager provides governance over targeted technology domains by leading independent risk and control assessments and/or provide oversight to ensure controls are effectively mitigating risks and meeting internal, regulatory, and industry requirements.

Requirements

  • At least 8 years with strong IT and cybersecurity risk assessment experience, including:
  • Prior risk management, audit and/or consulting experience
  • Prior experience with designing and maintaining technology risk frameworks, with a strong understanding of key industry control frameworks (e.g., NIST CSF, ISO 27000, CSA CCM, CIS Controls, NIST AI, OWASP LLM Top 10, etc.)
  • Prior experience in managing, performing and documenting business, technology and cybersecurity process walkthroughs, designing and executing control evaluations, analyzing results and providing recommendations.
  • Bachelor’s degree in information technology/systems, Cybersecurity, Risk Management, Business Management, Finance, or related field
  • Strong knowledge and understanding of cybersecurity, systems architecture, infrastructure, security and applications.
  • Ability to communicate IT Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them.
  • Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed.
  • Ability to work with team members and stakeholders in resolving issues and providing recommendations.
  • Excellent interpersonal communication, writing and organizational skills.
  • Ability to build partnerships and add value across businesses, technology groups, levels and disciplines.
  • Familiar with relevant regulatory requirements (e.g., HIPAA, NYS DFS Cyber Regulation, etc.)
  • Proficient in Microsoft Office Suite, familiar with using ChatGPT, MS CoPilot, Gemini and other AI assistants.

Nice To Haves

  • Certifications CISSP, CISM, CCSP, CRISC or CISA preferred.

Responsibilities

  • Maintain, enhance, and govern the enterprise Technology and Cybersecurity Risk framework to ensure alignment with New York Life policies, standards, industry frameworks and best practices, and regulatory expectations.
  • Develop, update, and document risk assessment methodologies, including inherent risk, control effectiveness, and residual risk models.
  • Ensure risk frameworks and methodologies evolve to address emerging technologies and risks, including Cloud computing, Artificial Intelligence, data security risks, etc.
  • Monitor industry trends, regulatory guidance, and leading practices to continuously strengthen risk assessment approaches.
  • Apply risk models consistently to calculate inherent and residual risk and support risk-based decision-making.
  • Produce timely, accurate, and insightful risk reporting for senior management, risk committees, and technology leadership.
  • Translate complex technical risks into clear, actionable insights for non-technical stakeholders.
  • Provide risk-prioritized recommendations that support informed technology and business decisions.
  • Serve as a trusted risk advisor to Technology, Cybersecurity, and business partners.
  • Own and maintain the IT Risk and Controls Catalog, ensuring risks, controls, and control mappings remain accurate, complete, and current.
  • Partner with Technology and Cybersecurity teams to validate risk and control definitions and ensure consistency across control frameworks.
  • Align the catalog with relevant regulatory, industry, and internal control requirements (e.g., NIST, ISO, CSA, internal standards).
  • Provide independent risk oversight of targeted technology controls and IT project implementations.
  • Partner with Risk and Technology teams to manage and execute targeted technology and cybersecurity risk and control assessments, ensuring scope, testing approaches, and conclusions are risk-based and defensible.
  • Evaluate the design and operating effectiveness of key technology and cybersecurity controls.
  • Ensure identified issues are clearly documented, risk-rated, and aligned to enterprise issue management standards.
  • Identify opportunities to streamline, automate, and enhance risk assessment processes and reporting.
  • Contribute to the ongoing maturity of the Technology and Cybersecurity Risk program through improved tooling, metrics, and analytics.
  • Promote a strong risk culture by embedding risk considerations into technology planning and execution.

Benefits

  • We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Job Search Resources

Similar Corporate Vice President - Technology and Cybersecurity Assessment & Oversight (TCAO) Manager job opportunities

Cybersecurity Assessment Strategic Operations - Vice President
JPMorgan Chase & Co.
JPMorgan Chase & Co. • Columbus, OH13d
Cybersecurity Assessment Strategic Operations - Vice President
JPMorganChase
JPMorganChase • Columbus, OH12d
Cybersecurity Assessment Strategic Operations - Vice President
JPMorgan Chase & Co.
JPMorgan Chase & Co. • Columbus, OH13d
Corporate Vice President
New York Life
New York Life • New York, NY2d • $119,000 - $170,000 • Hybrid
Director of Digital Design Strategy and Innovation
New York Life
New York Life • New York, NY2d • $119,000 - $170,000 • Hybrid
Vice President, Technology
Stronghouse
Stronghouse • Oak Brook, IL7d • Onsite
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service