The Data Protection Operations Lead


Date: Nov 30, 2018

Location: Lebanon, NJ, US

Company: New York Life Insurance Co

New York Life Insurance Company (“New York Life” or “the company”) is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterrey New York Life in Mexico.


New York Life is one of the most financially strong and highly capitalized insurers in the business. The company reported 2016 operating earnings of $1.954 billion. Total assets under management at year end 2016, with affiliates, totaled $538 billion.  As of year-end 2016, New York Life’s surplus was $23.336 billion**.  New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody’s Aaa; Standard & Poor’s AA+. (Source: Individual Third Party Ratings Report as of 8/17/16).


Financial strength, integrity and humanity—the values upon which New York Life was founded—have guided the company’s decisions and actions for over 170 years.


The Data Protection Operations Lead is a skilled professional who enjoys working in the security / privacy / risk related field and is very knowledgeable in the various specifics of the data protection domain. The individual’s operational experience includes and is not limited to the areas of data loss prevention, data classification, data discovery, encryption and obfuscation / masking and overall data access management.  This individual will be responsible for leading our data protection operations services, work closely with external business partners and service providers supporting the company’s data protection platforms.   

The well qualified candidate will be a stakeholder in the overall data protection program and help represent the operational needs and requirements in support of existing and new data protection services.

Direct experience operating and managing diversified corporate deployments of various layers of  Data Protection capabilities including but not limited to DLP (e.g. end point, mobile, file shares, cloud environments, …), DAR, database protection as well as email security and protection.  The candidate will also engage with our managed service providers to ensure they are performing their required responsibilities and continuously look for process improvements. This lead role will also be a key player in larger data protection programs and will work closely with management to identify operational activities and needs as the data protection program expands.

Role & Responsibilities

  • Lead the Data Protection Operational actives across different enterprise programs.
  • Understand and ensure operational activities are well documented and maintained through SOPs, RCMs, and other required documentation.
  • Implement new and enhance existing operational processes, establish new and refine existing standard operating procedures, process documentation and IT General Controls
  • Ensure resources are positioned to properly support the various data protection tools and activities therein.
  • Act as an escalation point to operational resources
  • Establish excellent working and management relationships with 3rd party service providers to help ensure service delivery objectives can be met.
  • Monitor and hold 3rd party service providers accountable through metrics, RACIs
  • Collaborate with data protection engineering team, providing continuous improvement feedback loop
  • Work with data protection engineering on systems maintenance, upgrades, and implementations
  • Participate in larger data protection program discussions to ensure operational activities are considered and sized adequately
  • Monitor the operations projects and track against budgets
  • Participate in budget planning activities
  • Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
  • Be a champion for data protection and information security; including broadening awareness, use of the team's services and education of security best practices.
  • Provide mentorship and support to teammates with regard to data protection and mitigation techniques and approaches.
  • Using a risk based approach, analyze New York Life data protection against open / closed information sources to best prioritize vulnerability hygiene activities.
  • Develop and improve KPIs, metrics, and trend analysis for data protection functions.
  • Ensure follow up and resolution to system alerts
  • Follow up on data protection alerts with business users and systems owners
  • Work with business users to understand business process to better tune monitoring systems
  • Produce reporting as required to manage systems as well as providing management with required monthly, quarterly, yearly and adhoc
  • Work with 3rd parties, monitor activities, and ensure SLA compliance
  • Ensure compliance with IT GRC’s and TDLC
  • Escalate issues and collaborate with engineering, 3rd parties, Event Management, Threat Intelligence and Incident response.

Required Qualifications:

  • Familiar with industry standard security best practices and data protection processes
  • Direct experience in the deployment and operation of current market services and technology. Specific knowledge with platforms like Symantec Data Protection Suite (Insight, Vontu, etc) Varonis, Imperva, Ironport are desired.
  • Excellent analytical and problem-solving skills.
  • Demonstrated team leadership skills:
    • Strong employee engagement;
    • Efficient when leading a team;
    • Sound decision making;
    • Giving and receiving feedback;
    • Culture change agent
    • Ability to work well cross functionally and attract and develop new talent
  • Demonstrated ability to participate in cross functional teams; including offsite, remote and with offshore resources.
  • Experience working in very large enterprise environment with diverse teams.
  • Effective written, verbal communication skills. Ability to tailor communication style to audience at hand and to effectively communicate with technical and non-technical resources.
  • Self-directed, works with minimal guidance, and recognizes when guidance needed.
  • Demonstrated ability to stay contemporary with the evolving security technology space as well as current standards and regulatory guidelines surrounding Data Protection and Data Privacy efforts.
    Familiarity with the concepts of NY DFS, GDPR, NIST, COBIT, PCI, HIPAA, ISO 27001/2, desired.


General Experience, Education and Professional Certifications:

  • Minimum 5+ years of operational experience in IT Security
  • BA/BS Degree in Engineering, Computer Science, or equivalent experience in Cyber Security and Engineering.
  • Preferred: CompTIA Security+, SSCP, CISSP or similar certifications



If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.


*Based on revenue as reported by “Fortune 500, ranked within Industries, Insurance: Life, Health (Mutual),” Fortune Magazine, June 17, 2016.  See  for methodology.

**Total surplus, which includes the Asset Valuation Reserve, is one of the key indicators of the company’s long-term financial strength and stability and is presented on a consolidated basis of the company.


1. Operating earnings is the key measure use by management to track Company’s profitability from ongoing operations and underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US (GAAP), with certain adjustments Company believes to be appropriate as a measurement approach (non GAAP), primarily the removal of gains or losses on investments and related adjustments.


2. Assets under management represent Consolidated Domestic and International insurance Company Statutory assets (cash and invested assets and separate account assets) and third party assets principally managed by New York Life Investment management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.

Nearest Major Market: New Jersey

Job Segment: Database, Operations Manager, Accounting, Engineer, Technology, Operations, Finance, Engineering