Third-Party Risk Strategy


Date: Nov 29, 2018

Location: New York, NY, US

Company: New York Life Insurance Co


A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It’s a career journey you can be proud of, and you’ll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses “Be Good At Life.” To learn more, please visit LinkedIn, our Newsroom and the Careers page of




The Third-Party Risk Strategy Senior Associate is responsible for maintaining governance processes,  policies, procedures and deliver training to support risk management for third parties that do business with New York Life.  This individual will also be involved in reporting on third-party risk metrics.  In addition, this role will be supporting the implementation of a common and consistent Third-Party Risk Management (TPRM) program to effectively manage third-party risk in accordance with internal policy and regulatory requirements. 




The Third-Party Risk Strategy Senior Associate is responsible for understanding the firm’s risk agenda, third-party strategy, and working with the enterprise wide Third-Party Management Office (TPMO), lines-of-business Relationship Owners, Information Security Officers and third-parties to efficiently accomplish the following:

• Maintaining third-party risk policies, procedures and standards in line with firm's risk agenda and industry developments
• Schedule, coordinate and memorialize third-party risk governance committees at business and corporate levels
• Schedule, coordinate and review risk assessments of new and existing service providers 
• Collect assessment and issue data to publish third-party assessment and risk metrics on a regular basis
• Monitor business defined third-party risk tolerances
• Manage the retention of third-party governance documentation
• Keep third-party intranet site updated and deliver third-party risk training to key stakeholder groups
• Contribute to the permanent improvement of the supplier risk management program (process, framework, indicators…) 
• Participate in the definition of roadmaps and manage accordingly
• Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required internal standards and regulations
• Maintain broad knowledge of best practices and trends in the field of third-party risk
• Work as a member of the team, supporting necessary activities to ensure the success of the TPRM program as maybe delegated by the Head of TPRM




  • BA/BS required in Business, Finance, or related field
  • 5+ years of experience
  • CTPRP preferred
  • Understanding of key industry control frameworks (NIST Cyber Security Framework, COSO, COBIT, OCC Bulletin, etc.).
  • Experience in reviewing Service Organization Controls (SOC) reports (e.g., SSAE16s)
  • High level understanding of third-party risk domains (geo-political, financial, strategic, credit, IS/IT)
  • Knowledge of various assessment types (e.g., Share Assessments for suppliers, self-assessments, audits, vulnerability assessments, penetration tests, third-party assurance, financial viability, credit)
  • Experience in coordinating varied business functions
  • Comprehensive knowledge of  business functions, including a understanding of insurance industry third-party landscape
  • Ability to interpret and understand policies and standards
  • Abilit to identify process improvements in area of responsibility and work with mangement to drive change
  • Ability to analyze and consolidate business level third-party risk metrics to idenitfy actionable trends
  • Ability to collaborate with SMEs to solve complex problems
  • Ability to manage book of work and report on resourcing concerns




If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.

Job Segment: Social Media, Risk Management, Cyber Security, Information Security, Marketing, Finance, Strategy, Security, Technology