Corporate Vice President - Cyber Resiliency Lead

Location Designation:

Hybrid - 3 days per month

As part of Technology, you'll have the opportunity to contribute to groundbreaking initiatives that shape New York Life's digital landscape. Leverage cutting-edge technologies like Generative AI to increase productivity, streamline processes, and create seamless experiences for clients, agents, and employees. Your expertise fuels innovation, agility, and growth — driving the company's success.

The Cyber Resiliency Lead role is responsible for developing, implementing, and overseeing cyber resilience strategies that strengthen the organization’s ability to withstand and recover from advanced cyber disruptions across core technology layers. This role will be part of the first line cybersecurity team within NYL’s Information Technology Department. Responsibilities include resilience planning for core technology infrastructure and applications, as well as driving integration of cyber scenarios into disaster recovery (DR), business continuity (BC), and enterprise resilience efforts.

The role serves as the critical bridge between cybersecurity, enterprise technology, and enterprise risk management.

• Review and recommend cyber resilience recovery strategies and options and assist with the implementation of recovery solutions.
• Champion cyber resilience objectives in collaboration with infrastructure, enterprise technology, risk, and resiliency teams.
• Act as a thought leader on cyber resilience trends and industry best practices.
• Develop, implement, and maintain Objectives and Key Results (OKRs) and other relevant metrics to measure cyber resilience program effectiveness, maturity, and alignment with organizational goals.

• Assess and enhance recovery readiness for core technology services including (but not limited to) identity and access management (IAM), network, DNS, endpoint detection and response (EDR), and cloud platforms.
• Develop recovery tiering and technical recovery playbooks for cyber incidents (e.g., ransomware, data corruption, destructive attacks).
• Support impact assessments for emerging technologies (e.g., AI, zero trust, hybrid cloud) on cyber resilience.

• Lead decisioning and implementation of clean room and isolated recovery environments for rapid reconstitution.
• Define access, tooling, and procedures for maintaining and validating clean-room readiness.
• Implement (or partner with teams to support implementation) tools and solutions to be used for the recovery environment (e.g., cyber vault, recovery orchestrations, forensics).

• Enhance DR testing procedures to include cyber-disruption scenarios and recovery validation in partnership with enterprise resilience, enterprise technology, and business partners.
• Define minimum viable business and technology service levels for post-incident operation.
• Coordinate and lead cyber-focused tabletop exercises, cyber disruption scenarios, and recovery simulations for critical systems and playbook validation.
• Coordinate post-mortem reviews and incorporate lessons learned into future planning.
• Partner with Enterprise Resiliency to assess business function-level preparedness.
• Coordinate development of annual cyber resilience program objectives and schedules for annual recovery playbook maintenance and update, exercises and independent review and validation.
• Develop and coordinate cyber resilience program artifacts, including reporting, tracking, and monitoring.
• Provide expertise and support to management and recovery functions, as requested, when business disruption occurs.
• Work with critical third-party vendors to ensure that business requirements are addressed.

• Define standards for cyber readiness, recovery point/time objectives (RPO/RTO) under attack conditions, and cyber crisis escalation in partnership with enterprise risk management.
• Participate in governance bodies related to resilience, risk, and incident response.

• 15+ years in cybersecurity, technology risk, or IT disaster recovery roles
• Deep understanding and…