IT Risk Assessment and Advisory Senior Associate

  • Competitive
  • New York, NY, USA
  • Permanent, Full time
  • New York Life Insurance Company
  • 23 Oct 17

New York Life Insurance Company ("New York Life" or "the company") is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterrey New York Life in Mexico.

New York Life is one of the most financially strong and highly capitalized insurers in the business. The company reported 2016 operating earnings of $1.954 billion. Total assets under management at year end 2016, with affiliates, totaled $538 billion. As of year-end 2016, New York Life's surplus was $23.336 billion**. New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody's Aaa; Standard & Poor's AA+. (Source: Individual Third Party Ratings Report as of 8/17/16).

Financial strength, integrity and humanity, the values upon which New York Life was founded, have guided the company's decisions and actions for over 170 years.

The IT Risk Assessment and Advisory Senior Associate is responsible for performing IT Risk Assessments for New York Life Investment Management (NYLIM) and its investment subsidiaries. This role reports directly to the Head of Technology Assessments for NYLIM within the 2nd line of defense, and will be key in driving IT Risk Assessments and IT risk advisory efforts. This includes acting as an internal consultant to provide IT risk and control guidance, as well as performing holistic control assessments (e.g., IT Control testing). This individual will partner with the first line of defense risk function to validate that action plans are appropriate to address the observations.

This role will interact heavily with business and technology stakeholders, in addition to other corporate risk and audit functions.


  • Assist NYLIM and its investment boutique subsidiaries with their assessment and remediation efforts and enhancing areas that require control improvements
  • Assist in aligning NYLIM Subsidiaries to the IT Risk and Control capabilities of the parent organization, NYL Corporate
  • Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments
  • Validate asset and control risk remediation actions for completeness and sustainability
  • Liaise with business, technology and other corporate areas as needed
  • Maintain deep understanding of organizational objectives, interactions, issues and risks
  • Serve as a contact to management on risk advisory initiatives
  • Establish/manage a communication/reporting process for risk assessments and advisory work
  • Work with other 1st and 2nd Line of Defense Risk Assessment staff, as needed

  • 3-5 years IT auditing or IT Risk experience in financial environments
  • Solid IT audit experience with network, infrastructure, database, cybersecurity, systems and application security
  • Proven technical knowledge of Information Security principles and processes
  • Technical knowledge of applicable standards and regulatory requirements, including MAR/SOX, NIST, COBIT and ISO27000
  • Experience with Third Party Risk Management/third-party IT audits
  • Knowledge of risks aligned with financial industries, preferably Asset Management and/or Insurance
  • Proven experience operating with a Governance, Risk & Compliance (GRC) framework
  • Strong project management skills
  • Ability to function independently with limited direction
  • Ability to communicate complex Information Security risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
  • Ability to effectively evaluate and communicate risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
  • Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact
  • This individual requires strong written, verbal communication and organizational skills as they will be working on multiple projects with technology stakeholders across the organization


* Based on revenue as reported by "Fortune 500, ranked within Industries, Insurance: Life, Health (Mutual)," Fortune Magazine, June 17, 2016. See for methodology.
** Total surplus, which includes the Asset Valuation Reserve, is one of the key indicators of the company's long-term financial strength and stability and is presented on a consolidated basis of the company.

1. Operating earnings is the key measure used by management to track the Company's profitability from ongoing operations and the underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US (GAAP), with certain adjustments the Company believes to be appropriate as a measurement approach (non-GAAP), primarily the removal of gains or losses on investments and related adjustments.

2. Assets under management represent Consolidated Domestic and International insurance Company Statutory assets (cash and invested assets and separate account assets) and third party assets principally managed by New York Life Investment Management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.