New York Life Insurance Company IT Risk and Controls Assessments Program Manager in New York, New York
A career at New York Life at https://www.newyorklife.com/ offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It’s a career journey you can be proud of, and you’ll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace at https://www.newyorklife.com/about/careers/diversity/ where all voices can be heard. Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation at https://www.newyorklife.com/foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses “Be Good At Life.” To learn more, please visit LinkedIn at https://www.linkedin.com/company/newyorklife/, our Newsroom at https://www.newyorklife.com/newsroom/ and the Careers at https://www.newyorklife.com/about/careers/ page of www.NewYorkLife.com at http://www.newyorklife.com/.
The IT Risk and Control Assessments - Program Manager is responsible for delivering on a program to evaluate and advise on technology risks and controls across New York Life and its subsidiaries. This includes acting as an internal consultant to provide IT risk and control guidance, as well as performing and overseeing evaluations of control design and implementation. This role will partner with stakeholders from business, technology and all three lines of defense to further strengthen the organization’s risk management capabilities and align with company objectives.
A dedicated program manager is required to drive engagements across the Corporate and Insurance Technology areas. This individual is expected to leverage their IT risk and control knowledge and management experience to ensure delivery milestones are well defined, scoped, planned and tracked accordingly through completion. The ideal candidate is proactive, approaches all things with a risk management perspective and strives for collaboration with stakeholders, chief risk officers and other risk management functions.
Manage and deliver control design and implementation evaluations for technology initiatives
Leverage IT Risk & Control Framework to manage technology and information security risk
Align subsidiaries with the risk management capabilities of the parent company
Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments
Validate closure of control risk remediation actions for completeness and sustainability
Collaborate with operations, technology and corporate control functions to meet assessment needs
Maintain deep understanding of organizational objectives, interactions, issues and risks
Develop, execute and continuously enhance the strategy for the function
Serve as an advisory resource to business management on technology initiatives
Strong IT auditing or IT Risk Management experience of at least 8 years
Bachelor’s degree in Information Technology/Systems, or related field
Excellent interpersonal, communication, writing and organizational skills
Ability to build partnerships and add value across businesses, technology groups, levels and disciplines
IT control assessment experience with third-party hosted infrastructure and application solutions
Proven technical knowledge of Information Security principles and processes
Technical knowledge of applicable standards and regulatory requirements, including MAR/SOX, NIST, COBIT and ISO27000
Knowledge of risks aligned with financial industries, preferably Insurance and Annuities
Proven experience operating with a Governance, Risk & Compliance (GRC) framework
Strong project management skills
Ability to function independently with limited direction
Ability to communicate complex Information Security risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
Ability to effectively evaluate and communicate risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact
Strong written, verbal communication and organizational skills as they will be working on multiple projects with technology stakeholders across the organization
Preference for individuals holding either a CISA, CRISC, CISM, CISSP, or similar certification