Data Protection & Security Analytics

New York Life Insurance Company (“New York Life” or “the company”) is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterey New York Life in Mexico.

New York Life is one of the most financially strong and highly capitalized insurers in the business. The company reported 2014 operating earnings of $2.021 billion. Total assets under management at year end 2014, with affiliates, totaled $552.82 billion. New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody’s Aaa; Standard & Poor’s AA+. (Source: Individual Third Party Ratings Report as of 8/11/15).

Financial strength, integrity and humanity—the values upon which New York Life was founded—have guided the company’s decisions and actions for 170 years.

The Data Protection & Security Analytics Senior Specialist provides daily oversight of the organization’s Data Protection program and is accountable for the establishment, growth, and maintenance of program documentation and strategy. This role will be accountable for assisting cybersecurity triage and incident response activities as well as assisting in post incident review and risk management activities. This role will have an understanding of data protection strategies such as data loss prevention (DLP), cloud security, database security, and mobile device data protection. To provide wholistic data protection services this role will be accountable for the establishment and routine measurement of cybersecurity data and metrics associated with cybersecurity events, incidents, and external managed security service providers (MSSPs) to the group.

Key Responsibilites

  • Accountable for the development and execution of program strategy
  • Manages a team of cybersecurity professionals and interfaces with senior management
  • Assists in event and incident analysis to identify and classify cyber security incidents
  • Provides policy administration and management for security tools including DLP, cloud, and mobile security technologies
  • Provides itegrative services to internal business units and external subsidiaries with a business risk-centric approach
  • Provides timely and relevant updates to appropriate stakeholders and decision makers
  • Compiles and analyzes data for management reporting and metrics
  • Analyzes potential impact of new threats and communicates risks via appropriate channels
  • Stays up to date on current attack trends through independent research
  • Interfaces wth external managed security service providers to establish, collect, and govern cybersecurity metrics and reporting

Required Skills / Knowledge

  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Proficiency in working in a fast-paced, complex, dynamic, multicultural business environment
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to work extremely well under pressure while maintaining a professional image and approach
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders
  • Ability to consume and synthesize threat intelligence and emerging threats to the business
  • Understanding of attacker methodology
  • Knowledge of and an active interest in: information security; cyber crime; electronic fraud and information security trends
  • Knowledge of data protection strategies, regulations, and technologies
  • An ability to perform independent analysis of complex problems, identify root causes and propose solutions

Previous Experience

  • 10+ years of experience in data protection / data governance
  • 5+ years of experience with regulatory compliance and information security management frameworks desired (e.g., IS027000, COBIT, NIST Cyber Security Framework, NIST 800-61 r.2, NIST 800-83 etc.)
  • 3+ years of people management experience

Required Qualifications

  • Certified Information Systems Security Professional (CISSP) and/or Global Information Assurance Certification (GIAC).
  • GIAC Certified Incident Handler (GCIH)
  • BS or MA in Computer Science, Information Security, or a related field

SF:LI-KV1

SF:MON1-KV1

EOE M/F/D/V

If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.

  • Based on revenue as reported by “Fortune 500, Ranked within Industries, Insurance: Life, Health (Mutual),” Fortune Magazine, June 15, 2015. See http://fortune.com/fortune500/2015/ for methodology.

1. Operating earnings is the key measure use by management to track Company’s profitability from ongoing operations and underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US(GAAP), with certain adjustments Company believes to be appropriate as a measurement approach ( non GAAP), primarily the removal of gains or losses on investments and related adjustments.

2. Assets under management represent Consolidated Domestic and International insurance Company Statutory assets (cash and invested assets and separate account assets) and third party assets principally managed by New York Life Investment management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.


Back to top