Corporate Vice President

 

Location Designation: Hybrid - 3 days per week 

 

 

Role Overview

Lead the strategy, governance, operating model, and execution oversight for Enterprise Vulnerability Management across infrastructure, cloud, endpoints, and application-dependent services. This role creates a centralized function that turns scan findings into measurable risk reduction by aligning asset visibility, risk-based prioritization, patching discipline, remediation orchestration, and executive accountability.

You will own accountability for vulnerability remediation performance across the enterprise. Success depends on strong partnership with platform, application, security, and risk teams, backed by senior leadership endorsement that gives the role authority to drive remediation actions, enforce SLA discipline, and escalate unmanaged risk.

 

What You’ll Do:

Strategy, Governance & Operating Model

  • Own the enterprise vulnerability remediation strategy and roadmap across on-prem, cloud, and SaaS environments.
  • Define and enforce standards, policies, and controls for scanning, triage, remediation SLAs, and exception handling.
  • Chair or co-chair governance forums covering vulnerability risk, remediation progress, and chronic issues with Infra, App, Security, and Risk leaders.
  • Design a centralized operating model that integrates scanning, triage, remediation execution, change coordination, and executive reporting.

Enterprise Platform Ownership

  • Serve as executive product owner for vulnerability management platforms (network and host scanners, container and cloud posture tools, application security integrations).
  • Define platform roadmaps, integration priorities (CMDB, asset inventory, ITSM, SIEM, GRC), and data quality objectives.
  • Ensure platforms are reliable, scalable, and easy for engineering teams to consume (dashboards, APIs, reports).

 

Asset, Exposure & Risk Prioritization

  • Partner with CMDB, asset management, and cloud teams to maintain accurate, in-scope inventories tied to business services and criticality.
  • Implement risk-based prioritization that accounts for exploitability, business impact, exposure, compensating controls, and critical asset classes such as internet-facing and crown-jewel systems.
  • Standardize risk scoring and rapid treatment paths for KEVs, zero-days, high-risk misconfigurations, and systemic control failures.

 

Remediation Orchestration & Integration with IT Operations

  • Align vulnerability remediation with patching, configuration management, and change processes in IT Operations.
  • Define and track remediation SLAs for different classes of vulnerabilities and assets; drive accountability with platform and app owners.
  • Partner with AIOps/Automation teams to implement automated fixes and workflow orchestration where safe and appropriate.

 

Cloud, Container & Application Security Alignment

  • Integrate vulnerability management with cloud security posture management (CSPM), container scanning, and application security pipelines (SAST/DAST/Software Composition Analysis).
  • Ensure DevOps/SRE teams receive actionable, contextualized findings early in the lifecycle.
  • Help define secure baselines, golden images, and hardened configurations that reduce recurring vulnerabilities.

 

Metrics, Reporting & Executive Communication

  • Define and manage key performance indicators and risk metrics (e.g., mean time to remediate by severity, SLA adherence, exposure windows, vulnerability density on critical assets).
  • Produce regular reporting and dashboards for Technology leadership, the CISO organization, Risk, and regulators/internal audit as needed.
  • Translate technical risk into business impact and clear remediation priorities for senior stakeholders.

Incident & Crisis Support

  • Support Security and Incident Response teams during high-severity events (zero-days, active exploits) with rapid asset scoping, prioritization, and remediation coordination.
  • Ensure lessons learned from incidents are codified into playbooks, standards, and automation.

Leadership, People & Culture

  • Lead and develop a team of vulnerability management engineers, analysts, and program managers.
  • Foster a culture of “secure-by-default” and shared responsibility for vulnerability remediation across Infra, App, and Operations teams.
  • Provide coaching, training, and clear guidance to engineering teams on patching practices, exception handling, and secure configurations.

 

Authority and Scope

This role requires explicit senior leadership endorsement to operate effectively across organizational boundaries. The role holder is empowered to:
  • Set enterprise remediation expectations, standards, and SLA timelines.
  • Require remediation plans and target dates from infrastructure and application teams.
  • Escalate missed deadlines, unresolved blockers, and unmanaged risk through formal governance channels.
  • Challenge unsupported exception requests and ensure risk acceptance is documented, time-bound, and approved at the right level.
  • Coordinate end-to-end remediation activity spanning endpoints, servers, cloud, middleware, containers, and application-dependent services.

 

Success Measures & Key Outcomes (First 6–12 Months)

  • Visibility & Data Quality - High-confidence coverage of in-scope assets (servers, endpoints, cloud workloads, containers, critical apps) with regular scanning cycles.
  • SLA adherence - Critical and high vulnerabilities remediated within target windows across endpoint, server, cloud, and application-dependent environments.
  • Risk reduction - Reduction in aging critical findings, repeat exposure on tier-1 assets, and exception backlog.
  • Operational integration - Patching and remediation embedded into change and maintenance processes with clear ownership and workflow evidence.
  • Executive visibility - Dashboards and governance reporting routinely used by Technology, Security, Risk, and Audit leadership.
  • Control maturity - Improved audit outcomes, stronger evidence quality, and reduced recurrence of remediation process gaps.
  • Reporting & Assurance - Executive dashboards and metrics in place, used routinely by Technology and Security leadership. Positive feedback from Internal Audit/Compliance on evidence quality, coverage, and remediation discipline.

 

What You'll Bring:

  • 12–15+ years of experience in Infrastructure/IT Operations, Security Engineering, or SRE, with 5+ years in senior leadership roles owning vulnerability management and/or patching at enterprise scale.
  • Deep understanding of enterprise infrastructure and platforms: Windows/Linux, databases, network devices, endpoints, cloud (AWS/Azure/GCP), and Kubernetes or containerized workloads.
  • Hands-on familiarity with vulnerability management tooling, such as Tenable, Qualys, Rapid7, cloud-native security services, and container/image scanning platforms.
  • Strong experience integrating vulnerability platforms with ITSM/CMDB, asset management, SIEM, and GRC tools.
  • Proven track record building and running risk-based remediation programs with clear SLAs, metrics, and reporting to senior leadership.
  • Solid knowledge of security frameworks and regulatory requirements, such as NIST CSF, CIS controls, SOX, NYDFS, PCI, or similar.
  • Strong understanding of change, patch, and configuration management in large IT Operations environments.
  • Demonstrated ability to influence senior stakeholders, negotiate priorities, and drive decisions across Technology, Security, and Business teams.
  • Excellent communication, storytelling, and presentation skills—able to convey complex technical risk in clear business terms.

Nice to Have

  • Experience in financial services or other highly regulated industries.
  • Background with application security (SAST/DAST/SCA), CSPM, and container security; experience embedding security into CI/CD.
  • Relevant certifications: CISSP, CISM, CRISC, cloud security certs (e.g., CCSP), or ITIL/SRE credentials.

Working Model

Hybrid role based in New York, NY with regular in-person collaboration for governance forums, planning sessions, and key events. Occasional off-hours engagement may be required during critical security events or major remediation campaigns. You’ll operate at the intersection of IT Operations and Cybersecurity to reduce risk while enabling reliable, modern platforms for the business.

 

 

Pay Transparency

Salary Range: $147,500-$211,000 

Overtime eligible: Exempt 

Discretionary bonus eligible: Yes 

Sales bonus eligible: No 

Actual base salary will be determined based on several factors, including but not limited to the individual’s experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.

 

Company Overview 

At New York Life, our 180-year legacy of purpose and integrity fuels our future. As we evolve into a more technology-, data-, and AI-enabled organization, we remain grounded in the values that drive lasting impact. 

Our diverse business portfolio creates opportunities to make a difference across industries and communities—inviting bold thinking, collaborative problem-solving, and purpose-driven innovation. Here, you’ll find the rare balance of long-standing stability and forward momentum, supported by an inclusive team that honors tradition while embracing progress. 

As a Fortune 100 mutual company, we offer a place to grow your skills, contribute to meaningful work, and deliver solutions that matter. Your ideas drive what’s next, and your growth powers it. 

 

Our Benefits

We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work. Click here to discover more about our comprehensive benefit options or visit our NYL Benefits Site.

 

Our Commitment to Inclusion
At New York Life, fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity, ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences, we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life’s leadership in this space.

Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life, please visit the Careers page of www.NewYorkLife.com.

Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.

Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees’ needs.

 

Job Requisition ID: 94038

About NY Life Insurance Company

Diversity & Humanity–two values that are deeply rooted in the New York Life culture and have laid the foundation for over 175 years of commitment to our employees, agents, policy owners, and the communities where we live and work. At New York Life you become a valued part of a welcoming, inclusive, and caring culture that has a long-standing legacy in stability and growth. The strength of New York Life revolves around our diversified, multi-dimensional business portfolio that goes beyond life insurance, and we want you to be a part of our legacy.

As a Fortune 100 company and industry leader, we provide an environment where you can explore your career ambitions, offering opportunities to tackle meaningful challenges and stretch your skills while balancing work and life priorities. You will be part of a diverse team guided by our belief to always be there for each other–providing the support and flexibility to grow and reach new heights while making an impact in the lives of others.

You are our future, and we commit to investing in you accordingly.



Nearest Major Market: Manhattan
Nearest Secondary Market: New York City
