Business Information Security Officer


Date: Jul 31, 2019

Location: New York, NY, US

Company: New York Life Insurance Co


A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It’s a career journey you can be proud of, and you’ll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses “Be Good At Life.” To learn more, please visit LinkedIn, our Newsroom and the Careers page of


The Business Information Security Officer (BISO) will play an integral part in the development, implementation, and compliance of cyber security across the assigned business aligned division. The BISO functions as the central information & cyber security advocate for the assigned business division.

  • Assists with the adherence of information security policies, standards and procedures.
  • Promotes corporate cyber security awareness activities.
  • Advises the business teams on cyber security matters based on the company's risk tolerance, global information security strategy, and as directed by the Chief Information Security Officer. 

The BISO is a strategically aligned, and dedicated, senior manager accountable for implementing and delivering the NYL Corporate information security strategy, risk management, and assurance objectives into their designated line of business. In addition the role must reflect the needs of the line of business to the CISO.  Reporting to the Chief Information Security Officer (CISO) the BISO role supports the implementation of the information security program, provide advice and oversight to ensure that information security policy is complied with for their business division’s processes and systems.  The BISO is the supported division’s primary subject matter expert in the area of cyber and information security systems and technologies and is to be engaged with the business unit, acting in a consultative way to ensure security policies are being adhered to and incorporated into their processes and procedures.


Key Responsibilities:

  • Accountable for the implement the NYLIC Information Security Policy and Standards across assigned business division 
  • Ensure that appropriate visibility of non-compliance is raised through the corporate issues and risk management processes
  • Be a subject matter expert (SME) for the NYLIC Information Security Policy and Standards
  • Collaborate with colleagues regarding changes to policies and standards that enhance business security while promoting effective business work flows   
  • Interprets and translates the Information Security Policy and Standards into technical requirements 
  • Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions 
  • Provide escalation path and coordination for information security issues, incidents and enquiries
  • Support Information Security , Cyber and Risk Assessments for the line of business and third parties 
  • Provide regular, timely reporting on the information security status across the supported business division
  • Support and perform information security reviews and control compliance assessments 
  • Reviewing business processes and technology for policy violation/non-compliance areas
  • Support and perform acquisition due diligence for Information Security risks and control deployment
  • Be a part of the business division technology team and act as an information and Cyber security SME to help business improve its security posture and adhere to security policies and expected controls
  • Ensuring new products/services, applications, new third party or client relationship, etc. has appropriate security controls embedded and that the risks are appropriate addressed 
  • Participate in business division related conferences or client facing engagements and present as needed
  • Support business in managing and preventing future incidents and providing incident coordinator services as needed



  • CISSP/CISM/CRISC or similar preferred
  • Bachelor's Degree in Computer Science/Cybersecurity/Risk Management or similar preferred
  • 8+ years of experience
  • A general understanding of common enterprise technologies, business and enterprise risk, regulatory and compliance requirements a must.
  • An understanding of enterprise, network, and cloud based technologies
  • An understanding of IT Risk & Control frameworks
  • Experience developing and delivering information security programs in compliance with common industry frameworks (ISO, NIST, COBIT, ITIL, etc.)
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • An understanding of organizational mission, values, and goals and consistent application of this knowledge
  • A sensitivity to the cultural norms of the IT organization and the other division in which they're partially embedded
  • Proactively engage the businesses to identify, document and drive remediation of excessive risks and non-compliant activities




If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.

Job Segment: Information Security, Corporate Security, Social Media, Risk Management, Technology, Security, Marketing, Finance