Senior Associate - Risk Management

About The Position

Requirements

• Master's degree in Cybersecurity, Computer Science, or related field (willing to accept foreign education equivalent) plus four (4) years of experience as a Senior Associate – Risk Management or related occupation conducting cybersecurity assessments, compliance management, reporting, and developing and automating security testing processes.
• Alternatively, a Bachelor’s degree in Cybersecurity, Computer Science or related field (willing to accept foreign education equivalent) plus 6 years of experience as a Senior Associate - Risk Management or related occupation conducting cybersecurity assessments, compliance management, reporting, and developing and automating security testing processes.
• Applying risk and control domain knowledge for Identity and Access Management (IAM), Vulnerability Management (VM), Logging and Monitoring (L&M), data protection, and cyber operations to develop risk measurement methodologies.
• Automating control implementation and managing effectiveness through assessments to ensure compliance and risk mitigation.
• Implementing onboarding/termination controls, privileged access controls, and role-based access controls.
• Designing and evaluating secure architectures for complex IT environments, focusing on hybrid infrastructures that integrate on-premises and cloud-based solutions.
• Utilizing industry standards and frameworks, including the NIST Cybersecurity Framework, ISO 27001, and NIST SP 800-37 & 800-53, to guide security governance and risk assessments.
• Utilizing advanced Microsoft Excel functionalities including macros, VLOOKUPs, pivot tables, and data visualization techniques for analytics and reporting.

Responsibilities

• Conduct cybersecurity risk assessments and control effectiveness assessments over critical applications, infrastructure, and enterprise processes.
• Perform compliance validations against these controls derived from applicable regulations (NYDFS, SOX, MAR) and ensure proper implementation of these security controls through evidence analysis.
• Design AI Governance model for securing AI assets of New York Life.
• Utilize understanding of AI cybersecurity risk and control frameworks to develop governance model including inventorying, risk and control assessments, and reporting.
• Create knowledge management AI model that consumes company risk and control data and learns from that to answer queries in natural language.
• Develop a model capable of answering in depth questions that typical audience groups (Executives, Asset Owners, Tech/Risk Teams) may ask.
• Create protected and controlled landscape for information exchanges.
• Streamline and automate cybersecurity residual risk and control effectiveness reporting by designing risk measurement methodologies/processes across various cyber domains and develop automated tableau-based dashboards to publish this information.
• Apply knowledge of AWS and DBMS to implement the underlying AWS database and connections to Tableau.

Benefits

• We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs.
• Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work.