IT Risk and Control Assessments Program Associate
New York, NY

Job Description

A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It's a career journey you can be proud of, and you'll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses "Be Good At Life." To learn more, please visit LinkedIn, our Newsroom and the Careers page of

The IT Risk and Control Assessments - Program Associate is responsible for delivering on a program to evaluate and advise on technology risks and controls across New York Life and its subsidiaries.  This includes acting as an internal consultant to provide IT risk and control guidance, as well as performing evaluations of control design and implementation.  This role will partner with stakeholders from business, technology and all three lines of defense to further strengthen the organization’s risk management capabilities and align with company objectives. 

A dedicated program associate is required to deliver on engagements across the Corporate and Insurance Technology areas. This individual is expected to leverage their IT risk and control knowledge and assessment experience to ensure delivery milestones are well defined, scoped, planned and tracked accordingly through completion. The ideal candidate is proactive, approaches all things with a risk management perspective and strives for collaboration with stakeholders.


* Deliver control design and implementation evaluations for technology initiatives
* Leverage IT Risk & Control Framework to manage technology and information security risk
* Assist in aligning subsidiaries with the risk management capabilities of the parent company
* Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments
* Validate asset and control risk remediation actions for completeness and sustainability
* Collaborate with operations, technology and corporate control functions to reach assessment needs
* Execute and continuously enhance the strategy for the function
* Maintain understanding of organizational objectives, interactions, known issues and risks
* Serve as an advisory resource to business units on technology initiatives


* Strong IT auditing or IT Risk Management experience of at least 3 years
* Bachelor’s degree in Information Technology/Systems, or related field
* Excellent interpersonal, communication, writing and organizational skills
* Ability to build partnerships and add value across businesses, technology groups, levels and disciplines
* IT control assessment experience with third-party hosted infrastructure and application solutions
* Proven technical knowledge of Information Security principles and processes
* Technical knowledge of applicable standards and regulatory requirements, including MAR/SOX, NIST, COBIT and ISO27000
* Knowledge of risks aligned with financial industries; preferably Insurance and Annuities
* Proven experience operating with a Governance, Risk & Compliance (GRC) framework
* Strong project management skills
* Ability to function independently with limited direction
* Ability to communicate complex Information Security risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
* Ability to effectively evaluate and communicate risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
* Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact
* Strong written, verbal communication and organizational skills as they will be working on multiple projects with technology stakeholders across the organization
* Preference for individuals holding either a CISA, CRISC, CISM, CISSP, or similar certification


If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.
