Third-Party Information Security Assessor


Date: Nov 24, 2018

Location: New York, NY, US

Company: New York Life Insurance Co

 

A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It’s a career journey you can be proud of, and you’ll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation. It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses “Be Good At Life.” To learn more, please visit LinkedIn, our Newsroom and the Careers page of www.NewYorkLife.com.

 

Summary:

 

The Third-Party Information Security (TPIS) Assessor is responsible for scheduling, coordinating and maintaining the quality of assessments for third parties that do business with New York Life. This individual will also be involved in the issue management process and the management of issues identified through these TPIS assessments. In addition, this role will support the implementation of a common and consistent Third-Party Risk Management (TPRM) program to effectively manage third-party risk in accordance with internal policy and regulatory requirements. This role will report directly to the TPIS Assessment Manager.

 

Major Responsibilities:

 

Responsibilities include understanding the firm’s risk agenda and technology road map, and working with the enterprise-wide Third-Party Management Office (TPMO), lines-of-business Relationship Owners, Information Security Officers and third parties to efficiently accomplish the following:

 

  • Schedule, coordinate and review security assessments of new and existing service providers
  • Identify security issues and define appropriate risk levels and corrective actions
  • Report on assessment outcomes, risk level and associated recommendations
  • Follow up on corrective action plans
  • Manage the retention of evidence identified and obtained during TPIS assessments
  • Provide third-party assessment and risk metrics on a regular basis
  • Contribute to the continuous improvement of the supplier risk management program (process, framework, indicators…)
  • Participate in the definition of roadmaps and manage accordingly
  • Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required internal standards and regulations
  • Maintain broad knowledge of best practices and trends in the field of Information Security
  • Work as a member of the team, supporting necessary activities to ensure the success of the TPRM program as may be delegated by the Head of TPRM

 

Qualifications:

 

  • BA/BS required in Computer Information Systems, Business, Finance, or related field
  • More than 5 years of related experience
  • CISSP, CISM, CTPRP, CRISC, CISA preferred
  • Understanding of key industry control frameworks (NIST Cybersecurity Framework, COSO, COBIT, ISO 27000, etc.)
  • High-level knowledge and understanding of systems architecture, infrastructure, security and applications
  • Experience in reviewing Service Organization Controls (SOC) reports (e.g., SSAE16s)
  • Knowledge of various assessment types (e.g., Shared Assessments for suppliers, self-assessments, audits, vulnerability assessments, penetration tests, third-party assurance)
  • Ability to manage a book of work and report on resourcing concerns
  • Experience in planning, organizing and conducting Third-Party Assessments and Reviews
  • Ability to understand risk action plans
  • Ability to collaborate with CMEs to solve complex problems

 


EOE M/F/D/V

 
