Senior Associate - Risk Management

About The Position

Requirements

• Master's degree in Cybersecurity, Computer Science, or related field (willing to accept foreign education equivalent) plus four (4) years of experience as a Senior Associate – Risk Management or related occupation conducting cybersecurity assessments, compliance management, reporting, and developing and automating security testing processes.
• Alternatively, a Bachelor’s degree in Cybersecurity, Computer Science or related field (willing to accept foreign education equivalent) plus 6 years of experience as a Senior Associate - Risk Management or related occupation conducting cybersecurity assessments, compliance management, reporting, and developing and automating security testing processes.
• Experience applying risk and control domain knowledge for Identity and Access Management (IAM), Vulnerability Management (VM), Logging and Monitoring (L&M), data protection, and cyber operations to develop risk measurement methodologies.
• Experience automating control implementation and managing effectiveness through assessments to ensure compliance and risk mitigation.
• Experience implementing onboarding/termination controls, privileged access controls, and role-based access controls.
• Experience designing and evaluating secure architectures for complex IT environments, focusing on hybrid infrastructures that integrate on-premises and cloud-based solutions.
• Experience utilizing industry standards and frameworks, including the NIST Cybersecurity Framework, ISO 27001, and NIST SP 800-37 & 800-53, to guide security governance and risk assessments.
• Experience utilizing advanced Microsoft Excel functionalities including macros, VLOOKUPs, pivot tables, and data visualization techniques for analytics and reporting.

Responsibilities

• Conduct cybersecurity risk assessments and control effectiveness assessments over critical applications, infrastructure, and enterprise processes.
• Perform compliance validations against controls derived from applicable regulations (NYDFS, SOX, MAR) and ensure proper implementation of security controls through evidence analysis.
• Design AI Governance model for securing AI assets of New York Life, including inventorying, risk and control assessments, and reporting.
• Create knowledge management AI model that consumes company risk and control data and learns from that to answer queries in natural language.
• Develop a model capable of answering in-depth questions that typical audience groups (Executives, Asset Owners, Tech/Risk Teams) may ask.
• Create protected and controlled landscape for information exchanges.
• Streamline and automate cybersecurity residual risk and control effectiveness reporting by designing risk measurement methodologies/processes across various cyber domains.
• Develop automated tableau-based dashboards to publish risk and control effectiveness information.
• Apply knowledge of AWS and DBMS to implement the underlying AWS database and connections to Tableau.

Benefits

• leave programs
• adoption assistance
• student loan repayment programs