Posted: Thursday, April 13, 2017 3:58 AM

New York Life Insurance Company (“New York Life” or “the company”) is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterrey New York Life in Mexico. New York Life is one of the most financially strong and highly capitalized insurers in the business. The company reported 2016 operating earnings of $1.954 billion. Total assets under management at year end 2016, with affiliates, totaled $538 billion. As of year-end 2016, New York Life’s surplus was $23.336 billion**. New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody’s Aaa; Standard & Poor’s AA+. (Source: Individual Third Party Ratings Report as of 8/17/16). Financial strength, integrity and humanity—the values upon which New York Life was founded—have guided the company’s decisions and actions for over 170 years.

The Third Party Information Security (IS) Manager will be a senior leader reporting directly to the Head of IT Risk and Controls, within Security & Risk. This individual is primarily responsible for defining and implementing the Third Party IS program for NYL and its subsidiaries, which includes establishing a holistic and comprehensive methodology (e.g., determining scope, performing assessments, onsite reviews, issue management, etc.) for assessing and managing third party IS/IT related risks throughout the entire lifecycle. The Third Party IS program will provide a common and consistent approach in effectively managing Third Party IS risk in accordance with internal policy and regulatory requirements, in alignment with the Enterprise Wide Third Party Risk Management Office (TPRMO), driven by Corporate Services.
Responsibilities:

Responsibilities include understanding the organization’s risk agenda, technology road map, working with the Third Party Risk Management Office (TPRMO), lines-of-business Vendor Relationship Managers, IT/IS risk management and the external vendors to efficiently accomplish the following:

• Defining and documenting the methodology and requirements to perform Third Party IS assessments, to ensure the protection of the confidentiality, integrity and availability of data
• Defining an annual plan and scope of Third Party IS reviews that will be performed
• Perform due diligence and security assessments on new and existing service providers (reviews and re-reviews)
• Report on assessment outcomes, risk level and associated recommendations
• Define appropriate risk levels and corrective actions, when issues are identified. Perform follow up as required
• Managing the retention of evidence identified and obtained during Third Party IS assessments
• Participate in the definition of strategic roadmaps and manage accordingly
• Prepare detailed summary metrics and reporting on a regular basis (KPI / KRI)
• Contribute to the permanent improvement of the supplier risk management program (process, framework, indicators, etc.)
• Promote a risk-awareness culture to ensure efficient and effective risk and compliance management practices by adhering to required standards and processes
• Maintain broad knowledge of best practices and trends in the field of Third Party Information Security
• Work as the Subject Matter Expert (SME) for the Third Party IS program and manage activities delegated by the Head of IT Risk and Controls Management
• Define the resource requirements against plan, and build out the Third Party IS/IT team as appropriate
• Coordinate Third Party IS Risk Management activities with other internal (e.g., CAD, FCU, Corporate Services, Operational Risk Management) and external (e.g., External Auditor) functions as appropriate
• Work to support the corporate wide Third Party Risk Management initiatives (e.g., implementation of the SRM tool to support IS assessments)
• Escalate risks and issues to the Head of IT Risk and Controls, as appropriate

Qualifications:

• BA/BS required in Computer Information Systems, Business, Finance, or related field
• CISSP, CISM, CRISC, CISA preferred
• Understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, etc.)
• High level knowledge and understanding of systems architecture, infrastructure, security and applications
• Experience in reviewing Service Organization Controls (SOC) reports (e.g., SSAE16s)
• Knowledge of various assessment types (e.g., Share Assessments for vendors, self-assessments, audits, vulnerability assessments, penetration tests, third-party assurance)
• Experience in planning, organizing, and conducting on site Third Party Assessments and Reviews
• Comprehensive knowledge of IT and business functions, including an understanding of IT domains, threats and assets
• Ability to interpret and understand IS policies and standards
• Prior experience in managing teams in a direct or matrix capacity
• Drives the strategy of the Third Party Information Security program
• Ability to manage large scale projects and management
• Ability to manage staffing and financial resources in alignment to the broader team strategy
• Ability to communicate complex IS Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
• Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed

SF:LI-JS1 EOE M/F/D/V

If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.
*Based on revenue as reported by “Fortune 500, ranked within Industries, Insurance: Life, Health (Mutual),” Fortune Magazine, June 17, 2016. See  for methodology.

**Total surplus, which includes the Asset Valuation Reserve, is one of the key indicators of the company’s long-term financial strength and stability and is presented on a consolidated basis of the company.

1. Operating earnings is the key measure used by management to track Company’s profitability from ongoing operations and underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US (GAAP), with certain adjustments Company believes to be appropriate as a measurement approach (non GAAP), primarily the removal of gains or losses on investments and related adjustments.

2. Assets under management represent Consolidated Domestic and International insurance Company Statutory assets (cash and invested assets and separate account assets) and third party assets principally managed by New York Life Investment management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.

• Location: Manhattan

• Post ID: 96222381