IT Risk Assessment Manager


Date: May 3, 2019

Location: New York, NY, US

Company: New York Life Insurance Co


A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It’s a career journey you can be proud of, and you’ll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses “Be Good At Life.” To learn more, please visit LinkedIn, our Newsroom and the Careers page of


The IT Risk Assessment (RA) Manager is a key member of the Risk Assessments team.  The team is responsible for providing governance and oversight of the assessments performed by the IAM first line of defense teams to ensure controls are in alignment with New York Life policies, standards and control requirements. 

This individual will also be responsible for managing and conducting independent risk and control assessments across all technology layers and validating whether action plans being implemented by the first line of defense teams adequately address identity management and other cybersecurity risks.  The IT RA Manager will support the existing IAM oversight program which includes managing walkthroughs and assessments of risk and controls, and reporting progress of the control evaluation to senior management.  


  • Act as the primary liaison to work with NYL Technology and Subsidiaries on the IAM program

  • Manage and lead evidence-based assessments of applications, infrastructure and processes

  • Provide advice and recommendations to business leaders for decisions regarding Identity and Access Management-related topics

  • Provide oversight and governance of the implementation of the IAM program and controls

  • Track and monitor program milestones and deliverables

  • Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments

  • Monitor and validate asset and control risk remediation actions for completeness and sustainability

  • Lead analysis of assessment results to identify recurring risk themes

  • Improve and develop reporting of risk and control metrics

  • Act as the first escalation point for risks and issues interacting with the business

  • Report and escalate issues to senior management and the Risk Assessments Lead as appropriate

  • Make IT risk and business decisions, working with other IT groups to ensure solid cross-functional decisions are made as a team

  • Work as a member of the team, performing functions such as point of contact for questions on risk assessments, control deficiencies, policies, etc., and providing other necessary activities to ensure the success of the Risk Assessment program


  • At least 8 years of strong IT or cybersecurity risk assessment experience, including:
    • Prior identity and access management, risk management and/or consulting experience
    • Prior experience in planning, organizing, and conducting detailed IT Risk and Control Reviews, with a focus on Identity and Access Management
    • Prior experience in managing, performing and documenting business process and technology process walkthroughs
    • Prior experience in creating control evaluation procedures and documenting testing performed
    • Prior experience in performing application and infrastructure layer control assessments
  • Bachelor’s degree in Information Technology/Systems, Business Management, Finance, or related field
  • CISSP, CISM, CRISC or CISA preferred
  • Strong understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, ISO 27000, etc.).
  • Strong knowledge and understanding of identity and access management, systems architecture, infrastructure, security and applications
  • Ability to communicate IT Risk assessment information (with a focus on Identity and Access Management) to non-technical business leaders to ensure they comprehend the risk being assigned to them
  • Able to effectively communicate evaluation of risk remediation plans to action plan owners to ensure that mitigation activities are appropriately addressed
  • Ability to work independently; critical thinker; able to look at the big picture
  • Ability to work with team members and stakeholders in resolving issues and providing recommendations
  • Excellent interpersonal, communication, writing and organizational skills
  • Ability to build partnerships and add value across businesses, technology groups, levels and disciplines
  • Proficient in Microsoft PowerPoint, Excel, Word, Project, Visio and SharePoint




