IT Risk & Cybersecurity Application Specialist

New York Life Insurance Company

New York Life Insurance Company is the largest mutual life insurance company in the United States. Founded in 1845 and headquartered in New York City, New York Life reported 2017 operating earnings of $2.06 billion. Total assets under management at year end 2017, with affiliates, totaled $586 billion.

New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody’s Aaa; Standard & Poor’s AA+ (Source: Individual independent rating agency commentary as of 8/1/17).

Financial strength, integrity and humanity, the values upon which New York Life was founded, have guided the company’s decisions and actions for over 170 years.

Description:

The IT Risk and Cybersecurity Application Specialist is a member of the IT Risk and Controls Assessment team. The Risk and Controls Assessment team is responsible for managing the New York Life IT Risk and Control Framework as well as providing governance and oversight of the assessments performed by the first line of defense teams. This individual will also be responsible for conducting independent risk and control assessments across all technology layers and validating whether action plans being implemented by the first line of defense teams adequately address cybersecurity risks.

Main Responsibilities:

• Act as the primary liaison to work with NYL Technology and Subsidiaries on IT Risk and Control initiatives
• Oversee the execution of the IT Risk and Controls Self Assessment Program (RCSA) processes for applications, infrastructure and processes
• Perform evidence-based assessments of applications, infrastructure and processes
• Provide advice and recommendations to business leaders for decisions regarding Criticality, Inherent, and Residual Risk scoring
• Oversee the maintenance of a consolidated IT risk control framework
• Monitor the implementation of controls for technology and business project plans
• Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments
• Validate asset and control risk remediation actions for completeness and sustainability
• Conduct analysis of assessment results to identify recurring risk themes
• Improve and develop reporting of risk and control metrics
• Act as the first escalation point for risks and issues interacting with the business
• Escalate issues to senior management and the IT Risk Assessments Lead as appropriate
• Make moderate IT risk and business decisions, working with other IT groups to ensure solid cross-functional decisions are made as a team
• Work as a member of the team, performing functions such as point of contact for questions on risk assessments, control deficiencies, policies, etc., and providing other necessary activities to ensure the success of the IT Risk and Control program

Qualifications:
• 4+ years of experience
• BA/BS in Computer Information Systems, Business, Finance, or related field
• CISSP, CISM, CRISC, CISA preferred
• Prior risk management and/or consulting experience
• Moderate understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, etc.).
• Moderate-level knowledge and understanding of systems architecture, infrastructure, security and applications
• Prior participation in planning, organizing, and conducting detailed IT Risk and Control Reviews
• Prior participation in performing and documenting business process and technology process walkthroughs
• Prior participation in creating testing procedures and documenting substantive testing performed
• Prior participation in performing application and infrastructure layer control assessments
• Ability to work with team members and stakeholders in resolving issues and providing solutions
• Ability to make tactical decisions in the implementation of the Risk and Controls Assessment process
• Ability to communicate IT Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
• Ability to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
• Strong personal, communication, writing and organizational skills
