Senior Associate- Technology and Cybersecurity Assessment & Oversight (TCAO) Manager

Location Designation: Hybrid - 3 days per quarter
This is a hybrid position. You will be required to come to the NY Office 3 times per Quarter.
As part of Risk Management, you'll play a pivotal role in safeguarding New York Life's strategic goals. By analyzing and mitigating potential risks, you contribute to three crucial areas: strengthening the company's defenses, informing sound business decisions, and advancing risk capabilities across the organization. Your expertise empowers informed risk-taking, fostering sustainable growth and protecting the financial security of millions of policy owners.
Role Overview:
The Technology and Cybersecurity Assessment & Oversight (TCAO) Manager is a key member of the Technology Risk team. The team is responsible for establishing and maintaining the organization's Technology and Cybersecurity Risk framework and methodologies, as well as providing governance and oversight of cybersecurity project implementations and technology controls. This oversight ensures that relevant risks and controls are appropriately identified, assessed, and aligned with New York Life policies, standards, and control requirements.
The TCAO Manager is responsible for maintaining the IT Risk and Controls Catalog and for updating and enhancing the risk methodologies and models used to assess inherent and residual risk. The role also includes delivering timely, accurate risk reporting and providing prioritized, actionable risk recommendations to technology stakeholders. Continuous enhancement of risk frameworks and models is expected to reflect evolving technologies and emerging risks, including those related to Cloud computing and Artificial Intelligence.
In addition, the TCAO Manager provides governance over targeted technology domains by leading independent risk and control assessments and/or provide oversight to ensure controls are effectively mitigating risks and meeting internal, regulatory, and industry requirements.
What You'll Do:

• Technology & Cybersecurity Risk Frameworks and Methodologies
• Maintain, enhance, and govern the enterprise Technology and Cybersecurity Risk framework to ensure alignment with New York Life policies, standards, industry frameworks and best practices, and regulatory expectations.
• Develop, update, and document risk assessment methodologies, including inherent risk, control effectiveness, and residual risk models.
• Ensure risk frameworks and methodologies evolve to address emerging technologies and risks, including Cloud computing, Artificial Intelligence, data security risks, etc.
• Monitor industry trends, regulatory guidance, and leading practices to continuously strengthen risk assessment approaches.
• Risk Analysis, Reporting & Stakeholder Engagement
• Apply risk models consistently to calculate inherent and residual risk and support risk-based decision-making.
• Produce timely, accurate, and insightful risk reporting for senior management, risk committees, and technology leadership.
• Translate complex technical risks into clear, actionable insights for non-technical stakeholders.
• Provide risk-prioritized recommendations that support informed technology and business decisions.
• Serve as a trusted risk advisor to Technology, Cybersecurity, and business partners.
• IT Risk and Controls Catalog Management
• Own and maintain the IT Risk and Controls Catalog, ensuring risks, controls, and control mappings remain accurate, complete, and current.
• Partner with Technology and Cybersecurity teams to validate risk and control definitions and ensure consistency across control frameworks.
• Align the catalog with relevant regulatory, industry, and internal control requirements (e.g., NIST, ISO, CSA, internal standards).
• Risk and Control Governance & Oversight
• Provide independent risk oversight of targeted technology controls and IT project implementations.
• Partner with Risk and Technology teams to manage and execute targeted technology and cybersecurity risk and control assessments, ensuring scope, testing approaches, and conclusions are risk-based and defensible.
• Evaluate the design and operating effectiveness of key technology and cybersecurity controls.
• Ensure identified issues are clearly documented, risk-rated, and aligned to enterprise issue management standards.
• Continuous Improvement & Program Maturity
• Identify opportunities to streamline, automate, and enhance risk assessment processes and reporting.
• Contribute to the ongoing maturity of the Technology and Cybersecurity Risk program through improved tooling, metrics, and analytics.
• Promote a strong risk culture by embedding risk considerations into technology planning and execution.

What You'll Bring:

• Experience: At least 8 years with strong IT and cybersecurity risk assessment experience, including:
• Prior risk management, audit and/or consulting experience
• Prior experience with designing and maintaining technology risk frameworks, with a strong understanding of key industry control frameworks (e.g., NIST CSF, ISO 27000, CSA CCM, CIS Controls, NIST AI, OWASP LLM Top 10, etc.)
• Prior experience in managing, performing and documenting business, technology and cybersecurity process walkthroughs, designing and executing control evaluations, analyzing results and providing recommendations.

• Knowledge and Education:

• Bachelor's degree in information technology/systems, Cybersecurity, Risk Management, Business Management, Finance, or related field
• Certifications CISSP, CISM, CCSP, CRISC or CISA preferred.
• Strong knowledge and understanding of cybersecurity, systems architecture, infrastructure, security and applications.

• Communications and Collaboration:

• Ability to communicate IT Risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them.
• Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed.
• Ability to work with team members and stakeholders in resolving issues and providing recommendations.
• Excellent interpersonal communication, writing and organizational skills.
• Ability to build partnerships and add value across businesses, technology groups, levels and disciplines.

• Familiar with relevant regulatory requirements (e.g., HIPAA, NYS DFS Cyber Regulation, etc.)

Proficient in Microsoft Office Suite, familiar with using ChatGPT, MS CoPilot, Gemini and other AI assistants.
#LI-VL1
#LI-HYBRID
Pay Transparency
Salary Range: $111,500-$159,000
Overtime eligible: Exempt
Discretionary bonus eligible: Yes
Sales bonus eligible: No
Actual base salary will be determined based on several factors but not limited to individual's experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.
Company Overview
At New York Life, our 180-year legacy of purpose and integrity fuels our future. As we evolve into a more technology-, data-, and AI-enabled organization, we remain grounded in the values that drive lasting impact.
Our diverse business portfolio creates opportunities to make a difference across industries and communities-inviting bold thinking, collaborative problem-solving, and purpose-driven innovation. Here, you'll find the rare balance of long-standing stability and forward momentum, supported by an inclusive team that honors tradition while embracing progress.
As a Fortune 100 mutual company, we offer a place to grow your skills, contribute to meaningful work, and deliver solutions that matter. Your ideas drive what's next, and your growth powers it.
Our Benefits
We provide a full package of benefits for employees - and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work.Click hereto discover more about our comprehensive benefit options or visit our NYL Benefits Site.
Our Commitment to Inclusion
At New York Life, fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity, ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences, we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life's leadership in this space.
Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life, please visit the Careers page of www.NewYorkLife.com.
Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.
Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees' needs.
Job Requisition ID: 93205