IT Risk and Controls Assessments Program Manager
New York, NY

Job Description

A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It's a career journey you can be proud of, and you'll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses "Be Good At Life." To learn more, please visit LinkedIn, our Newsroom and the Careers page of www.NewYorkLife.com.

 

The IT Risk and Control Assessments - Program Manager is responsible for delivering on a program to evaluate and advise on technology risks and controls across New York Life and its subsidiaries.  This includes acting as an internal consultant to provide IT risk and control guidance, as well as performing and overseeing evaluations of control design and implementation.  This role will partner with stakeholders from business, technology and all three lines of defense to further strengthen the organization’s risk management capabilities and align with company objectives. 

A dedicated program manager is required to drive engagements across the Corporate and Insurance Technology areas. This individual is expected to leverage their IT risk and control knowledge and management experience to ensure delivery milestones are well defined, scoped, planned and tracked accordingly through completion. The ideal candidate is proactive, approach all things with a risk management perspective and strives for collaboration with stakeholders, chief risk officers and other risk management functions.

 

Responsibilities:

* Manage and deliver control design and implementation evaluations for technology initiatives
* Leverage IT Risk & Control Framework to manage technology and information security risk
* Align subsidiaries with the risk management capabilities of the parent company
* Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments
* Validate closure control risk remediation actions for completeness and sustainability
* Collaborate with operations, technology and corporate control functions to reach assessment needs
* Maintain deep understanding of organizational objectives, interactions, issues and risks
* Development, execution, and continued enhancement of strategy for function
* Serve as an advisory resource to business management on technology initiatives

 

Qualifications:

* Strong IT auditing or IT Risk Management experience of at least 8 years
* Bachelor’s degree in Information Technology/Systems, or related field
* Excellent interpersonal, communication, writing and organizational skills
* Ability to build partnerships and add value across businesses, technology groups, levels and disciplines
* IT control assessment experience with third-party hosted infrastructure and application solutions
* Proven technical knowledge of Information Security principles and processes
* Technical knowledge of applicable standards and regulatory requirements including, MAR/SOX, NIST, COBIT and ISO27000
* Knowledge of risks aligned with financial industries; preferably Insurance and Annuities
* Proven experience operating with a Governance, Risk & Compliance (GRC) framework
* Strong project management skills
* Ability to function independently with limited direction
* Ability to communicate complex Information Security risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
* Ability to effectively evaluate and communicate risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
* Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact
* Strong written, verbal communication and organizational skills as they will be working on multiple projects with technology stakeholders across the organization
* Preference for individuals holding either a CISA, CRISC, CISM, CISSP, or similar certification

SF:EF-

M

SF: LI-CC1

SF: EF-CC1

D1 #LI-MD1

EOE M/F/D/V

If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.