New York Life Insurance Company ("New York Life" or "the company") is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterrey New York Life in Mexico.
New York Life is one of the financially strongest and most highly capitalized insurers in the business. The company reported 2016 operating earnings of $1.954 billion. Total assets under management at year end 2016, with affiliates, totaled $538 billion. As of year-end 2016, New York Life's surplus was $23.336 billion**. New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch, AAA; Moody's, Aaa; Standard & Poor's, AA+. (Source: Individual Third Party Ratings Report as of 8/17/16.)
Financial strength, integrity and humanity, the values upon which New York Life was founded, have guided the company's decisions and actions for over 170 years.
Job Function and Key Duties & Responsibilities
The Senior Software Security Advisor is a skilled software security/risk professional who enjoys security, privacy and risk related work and is an expert in application security, secure coding practices and software security testing methodologies, as well as secure application architecture and design. This highly visible role within the CISO's organization will provide software security advisory, consulting and, at times, remediation expertise for the ongoing development of the New York Life Software Security Center of Excellence.
The well-qualified candidate will drive the overall software security program design/build/run for the software that NYL develops and/or uses. In addition, the candidate will apply his/her detailed risk expertise to provide guidance on risk remediation with regard to the architecture, development and testing of the software that NYL uses.
Role & Responsibilities
Leads the Application Security function and the enterprise application security framework development, compliance, strategy and governance for the CISO Organization (2nd line of defense), which services all business units and corporate groups across NYL.
Leads 2nd line software security consulting efforts to support various NYL application development teams; this includes application security reviews, requirements, threat modeling, analysis of software vulnerabilities, remediation prioritization, and other key 2nd line software security program deliverables.
Supports the oversight of software security testing and vulnerability remediation for new, legacy, hosted/SaaS and COTS platforms across the NYL environment.
Supports the review of third-party software that NYL may acquire.
Helps to set requirements that drive the engineering, analysis and performance of application security technologies, and reviews the output of these systems and processes.
Leads the development of security policy and standards that affect application security across the enterprise.
Manages the delivery of software security policy and standards that affect the lifecycle of coding practices, testing methodologies and other key software security related practices.
Provides guidance on the evaluation and development of emerging application protection technologies at New York Life.
Is consulted on Technology Security engineering deliverables as part of the coordination and delivery of application penetration testing, architecture and design review decisions for assigned areas of expertise, contributing an expert understanding of vulnerable conditions and remediation prioritization approaches.
Provides education and coaching to less experienced staff to encourage quality and consistent approaches with regard to application security.
Maintains contemporary knowledge of current and future application security technologies, concepts and architectures.
Experience in the development/maintenance of software security programs, policy, standards and process.
Versed in software security design (Waterfall, Agile, etc.) and testing methodologies (SAST, DAST, IAST, RASP, SCA, Pen Testing), as well as familiarity with any of the following products: HP Fortify, VeraCode, Prevoty, IBM AppScan, Contrast Security, WhiteHat Security, Seeker, Coverity, Protecode, SecureAssist, etc.
Experienced with performing root cause analysis, risk identification, and risk mitigation.
Experience understanding the areas of application architecture and software design, SDLC operations and secure software engineering.
Interpersonal skills including the ability to collaborate effectively, and excellent written and oral communications.
Some hands-on experience with software engineering and software lifecycle management, and knowledge of common problem-resolution activities for enterprise-grade applications.
Additional preferred experience: experience with the cloud (AWS, Azure, RackSpace, etc.), DevOps, CI/CD pipeline development, and ethical hacking.
Overall Experience, Education and Professional Certifications:
Minimum 5-7 years of expanding responsibility
BA/BS Degree in Software Engineering, Computer Science, or equivalent experience in Software Security and Cyber Security Engineering.
CISSP, CEH or similar certifications required.
* Based on revenue as reported by "Fortune 500, ranked within Industries, Insurance: Life, Health (Mutual)," Fortune Magazine, June 17, 2016. See http://fortune.com/fortune500/ for methodology. ** Total surplus, which includes the Asset Valuation Reserve, is one of the key indicators of the company's long-term financial strength and stability and is presented on a consolidated basis of the company.
1. Operating earnings is the key measure used by management to track the Company's profitability from ongoing operations and the underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US (GAAP), with certain adjustments the Company believes to be appropriate as a measurement approach (non-GAAP), primarily the removal of gains or losses on investments and related adjustments.
2. Assets under management represent consolidated domestic and international insurance company statutory assets (cash and invested assets and separate account assets) and third-party assets principally managed by New York Life Investment Management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.