Information Technology Asset and Controls Assessment - Senior Associate
New York Life Insurance Company ("New York Life" or "the company") is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterrey New York Life in Mexico.
New York Life is one of the most financially strong and highly capitalized insurers in the business. The company reported 2016 operating earnings of $1.954 billion. Total assets under management at year end 2016, with affiliates, totaled $538 billion. As of year-end 2016, New York Life's surplus was $23.336 billion. New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody's Aaa; Standard & Poor's AA+. (Source: Individual Third Party Ratings Report as of 8/17/16).
Financial strength, integrity and humanity—the values upon which New York Life was founded—have guided the company's decisions and actions for over 170 years.
The IT Risk Assessment professional is a contributor to a new team of 4 risk assessors which is needed to build out the Risk and Controls Self Assessment Program (RCSA). This individual will oversee and provide guidance to the assessments performed by each technology group (1st line of defense). This individual will also be responsible for conducting independent assessments and validation of the work being performed by technology to identify gaps. If control gaps are identified, this individual will help understand and determine the best course of action for remediation.
- Acting as the primary liaison to work with NYL Enterprise and Subsidiaries on IT Risk and Control initiatives
- Execution of operating model for the Risk and Controls Self Assessment Program (RCSA) processes for assets, applications, devices, and processes for NYL Enterprise and Subsidiaries
- Verification of accuracy and completion of IT asset owner information for the Information Risk and Controls Self Assessments Program
- Provide opinions and recommendations to business leaders for decisions regarding Criticality, Inherent, and Residual Risk scoring
- Oversee the update and maintenance of a consolidated risk control framework
- Monitoring the implementation of controls for technology and business project plan
- Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments
- Validation of asset and control risk remediation actions for completeness and sustainability
- Conduct analysis of assessment results to identify recurring risk themes
- Improve and develop reporting of risk and control metrics
- Acting as the first escalation point for risks and issues interacting with the business
- Escalate issues to senior management and the IT Risk Assessments Lead as appropriate
- Making moderate IT risk and business decisions; working with other IT groups to ensure solid cross-functional decisions are made as a team
- Work as a member of the team, performing functions such as point of contact for questions on risk assessments, control deficiencies, policies, etc., and providing other necessary activities to ensure the success of the IT Risk and Control program
- BA/BS required in Computer Information Systems, Business, Finance, or related field
- CISSP, CISM, CRISC, CISA preferred
- Prior risk management and/or consulting experience
- Moderate understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, etc.).
- Moderate level knowledge and understanding of systems architecture, infrastructure, security and applications
- Prior participation in planning, organizing, and conducting detailed IT Risk and Control Reviews
- Prior participation in performing and documenting business process and technology process walkthroughs
- Prior participation in creating testing procedures and documenting substantive testing performed
- Prior participation in performing application and infrastructure layer control assessments
- Ability to work with team members and stakeholders in resolving issues and providing solutions
- Ability to make tactical decisions in the implementation of the Risk and Controls Assessment process
- This individual requires strong personal, communication, writing and organizational skills as they will be working closely with technology stakeholders across the organization.
- Ability to communicate moderate IS Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
- Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
* Based on revenue as reported by "Fortune 500, ranked within Industries, Insurance: Life, Health (Mutual)," Fortune Magazine, June 17, 2016. See http://fortune.com/fortune500/ for methodology.
Total surplus, which includes the Asset Valuation Reserve, is one of the key indicators of the company's long-term financial strength and stability and is presented on a consolidated basis of the company.
Operating earnings is the key measure used by management to track the Company's profitability from ongoing operations and the underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US (GAAP), with certain adjustments the Company believes to be appropriate as a measurement approach (non-GAAP), primarily the removal of gains or losses on investments and related adjustments.
- Assets under management represent Consolidated Domestic and International insurance Company Statutory assets (cash and invested assets and separate account assets) and third party assets principally managed by New York Life Investment Management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.